Cold Fusion applications bypass security (165998)
The information in this article applies to:
- Microsoft Internet Information Server 2.0
- Microsoft Internet Information Server 3.0
This article was previously published under Q165998 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMS
Cold Fusion template files that should be only accessible to
authenticated users are also getting returned to other users.
CAUSE
The Cold Fusion ISAPI dll file is running in a manner that does not
preserve the user context. Therefore, it allows the cfm file to run
solely based on the permissions assigned the Cold Fusion dll
(Iscf.dll) file.
WORKAROUNDContact Adobe Support to obtain the appropriate file or files that you must have to resolve the problem. For more information, visit the following Web site:
MORE INFORMATION
The third-party products discussed here are manufactured by vendors
independent of Microsoft. We make no warranty, implied or otherwise,
regarding performance or reliability of these products.
Modification Type: | Minor | Last Reviewed: | 6/30/2006 |
---|
Keywords: | kb3rdparty kbprb KB165998 |
---|
|