Applying ColdFusion Security Patches Gotcha

A friend of mine has been having trouble getting a particular ColdFusion security hotfix (APSB10-05) applied. He followed the instructions in the KB article, but scans indicated the vulnerability still existed.

As it turns out, this fix involved replacing some .jar files in the CF lib folder. The instructions state to make a backup of the files. In this case my friend simply copied them to the same folder, so flex-messaging.jar became copy-of-flex-messaging.jar. He then put up the two new .jar files and started the CF service back up.

The trouble is, those copies were still being loaded. CF loaded all the .jar files in the folder, and presto, the bad jars were loaded again. Once he stopped the service, took the old .jar files completely out of the CF install, and then restarted, everything passed inspection just fine.

A couple of things to consider:

1) Just because you applied a hotfix doesn't mean it is applied correctly.
2) You should run scans to confirm. I recommend Hack My CF.
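
One way to check a lib folder for the situation described above, as an added example (not code from the original post or from Adobe's instructions): a Python script that reports .jar files defining the same classes, which is what a left-behind backup copy looks like once every jar in the folder is loaded. The demo jars and the class names inside them are constructed; pass the path of a real lib folder as the first argument to scan it instead.

```python
import os
import sys
import tempfile
import zipfile
from collections import defaultdict


def find_overlapping_jars(lib_dir):
    """Map (jar_a, jar_b) -> number of .class entries both jars define."""
    owners = defaultdict(set)  # class entry -> names of jars containing it
    for name in sorted(os.listdir(lib_dir)):
        path = os.path.join(lib_dir, name)
        # Match on the .jar extension only, whatever the rest of the name is,
        # so "copy-of-..." style backups are included.
        if not name.lower().endswith(".jar") or not zipfile.is_zipfile(path):
            continue
        with zipfile.ZipFile(path) as jar:
            for entry in jar.namelist():
                if entry.endswith(".class"):
                    owners[entry].add(name)
    overlaps = defaultdict(int)
    for jars in owners.values():
        ordered = sorted(jars)
        for i, first in enumerate(ordered):
            for second in ordered[i + 1:]:
                overlaps[(first, second)] += 1
    return dict(overlaps)


def build_demo_lib(lib_dir):
    """Constructed sample: a patched jar, its left-behind backup, an unrelated jar."""
    contents = {
        "flex-messaging.jar": ["flex/demo/A.class", "flex/demo/B.class"],
        "copy-of-flex-messaging.jar": ["flex/demo/A.class", "flex/demo/B.class"],
        "unrelated.jar": ["other/C.class"],
    }
    for jar_name, entries in contents.items():
        with zipfile.ZipFile(os.path.join(lib_dir, jar_name), "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"constructed placeholder, not real bytecode")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_lib(demo)
        target = sys.argv[1] if len(sys.argv) > 1 else demo
        for (a, b), count in sorted(find_overlapping_jars(target).items()):
            print(f"{a} and {b} both define {count} class(es)")
```

Any pair it reports deserves a look: an old copy of a patched jar belongs outside the CF install entirely, not renamed next to the new one.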
