Applying ColdFusion Security Patches Gotcha

A friend of mine has been having trouble getting a particular ColdFusion security hotfix, APSB10-05, applied. He followed the instructions in the KB article; however, scans still indicated the vulnerability existed.

As it turns out, this fix involved replacing some .jar files in the CF lib folder. The instructions say to make a backup of the files. In this case my friend simply copied them to the same folder, so flex-messaging.jar became copy-of-flex-messaging.jar. He then put up the two new .jar files and started the CF service back up.

The trouble is, those copies were still being loaded. CF loaded all the jar files in the folder and, presto, the bad jars were loaded again. Once he stopped the service, took the old jar files completely out of the CF install, and restarted, everything passed inspection just fine.

A couple of things to consider:

1) Just because you applied a hotfix doesn't mean it is applied correctly.
2) You should run scans to confirm. I recommend Hack My CF.
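A local check can catch this before the scan does. The script below is an added example, not part of the original post or of any Adobe tooling: because CF loads every .jar in the lib folder regardless of its name, it compares the classes packaged inside each jar and reports any other jar that still provides classes from a patched one. The folder contents and class paths are constructed for the demo; on a real server you would pass your own lib folder and the names of the jars the hotfix replaced.

```python
import tempfile
import zipfile
from pathlib import Path

def class_entries(jar):
    """Return the set of .class paths packaged in a jar (a jar is a zip archive)."""
    with zipfile.ZipFile(jar) as zf:
        return {n for n in zf.namelist() if n.endswith(".class")}

def shadowing_jars(lib_dir, patched_names):
    """Map each patched jar to other *.jar files in lib_dir that ship its classes."""
    lib = Path(lib_dir)
    findings = {}
    for name in patched_names:
        patched = class_entries(lib / name)
        clashes = sorted(
            p.name for p in lib.glob("*.jar")
            if p.name not in patched_names and class_entries(p) & patched
        )
        if clashes:
            findings[name] = clashes
    return findings

def build_demo_lib(root):
    """Constructed sample: a patched jar, a same-folder backup, an unrelated jar."""
    lib = Path(root)
    layout = {
        "flex-messaging.jar": ["flex/messaging/Demo.class"],          # new jar
        "copy-of-flex-messaging.jar": ["flex/messaging/Demo.class"],  # old backup
        "unrelated.jar": ["com/example/Other.class"],
    }
    for jar, entries in layout.items():
        with zipfile.ZipFile(lib / jar, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"constructed placeholder bytes")
    return lib

def demo():
    """Run the check against the constructed lib folder and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return shadowing_jars(build_demo_lib(tmp), ["flex-messaging.jar"])

if __name__ == "__main__":
    for patched, clashes in demo().items():
        print(f"{patched}: classes also provided by {', '.join(clashes)}")
```

Any jar it reports should be moved out of the CF install entirely, with the service stopped, before you restart and rescan.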
