Skip to main content
B
bmelendy
Known Participant
August 23, 2009
Question

CVE-2009-1872 Hotfix Incorrect Instructions??

  • August 23, 2009
  • 1 reply
  • 2072 views

The instructions for CVE-2009-1872, CVE-2009-1877 located here:

http://download.macromedia.com/pub/coldfusion/updates/ReadMe_1872_1877.txt

It says clearly on step 4 that:

"4) From the downloaded CFIDE copy cf_debugFr.cfm to <cfwebroot>\CFIDE\debug\ and _logintowizard.cfm to <cfwebroot>\CFIDE\wizards\common."

I have downloaded the archive in question twice from:

http://download.macromedia.com/pub/coldfusion/updates/702/CF7.0.2.zip

and the file is missing the \wizards\ folder and of course the _logintowizard.cfm file.

Adobe, what do I do here?

    This topic has been closed for replies.

    1 reply

    D
    DaveF67
    Inspiring
    August 25, 2009

    http://download.macromedia.com/pub/coldfusion/updates/8/CFIDE-8.zip

    This has the missing file.

    Discussion can be found here:

    http://forta.com/blog/index.cfm/2009/8/17/ColdFusion-And-JRun-Security-Hotfixes-Posted#c4DCF8A94-3048-80A9-EF9B6E8116427611

    B
    bmelendyAuthor
    Known Participant
    August 25, 2009

    But will this address the 7.x servers as well?  The archive indicates 8.x servers.

    Isn't Adobe going to fix this?  If this is a serious security risk, why isn't there a complete patch file that will fix it?  I'm wondering if Adobe monitors these forums at all?

    Ubqtous-ccgIFR
    Ubqtous-ccgIFR
    Participant
    September 1, 2009

    The Adobe ZIP has been fixed and now includes both cf_debugFr.cfm and _logintowizard.cfm:

    http://download.macromedia.com/pub/coldfusion/updates/702/7_0_2.zip

    http://www.adobe.com/support/security/bulletins/apsb09-12.html

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices