« Dreamweaver and MX 2004 EULA Updates Released | Main | getAuthUser needs CFLOGIN »
March 17, 2004
ColdFusion Security Bulletins
For those of you who don't keep up with ColdFusion security bulletins, one was issue recently that you might want to look into, especially if you expose web services.
MPSB04-04 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS
ColdFusion MX and JRun 4.0 Web Services may be vulnerable to a Denial-of-Service attack from maliciously constructed SOAP requests. ColdFusion Version 5 and earlier versions and JRun 3.1 and earlier versions do not support Web Services and are not vulnerable.
If you're behind in your security patches, while you're at it, you might want to install this one, as well:
MPSB04-02 Security Patch available for ColdFusion MX 6.1 form fields Denial of service
ColdFusion MX 6.1 is vulnerable to a denial of service attack if a malicious user creates a ficticious request containing a large number of form fields.
Find all the most recent Macromedia security bulletins at the Macromedia Security Zone. And if either of this bulletins were news to you, I recommend that you sign up for the Macromedia Security Notification Service.
Posted by cantrell at March 17, 2004 10:38 AM