August 13, 2010

Security Hotfix APSB10-18 for MX7 ?


I just read about the APSB10-18 Vulnerability (http://www.adobe.com/support/security/bulletins/apsb10-18.html).

Since it says it is "... identified in ColdFusion 9.0.1 and earlier versions for Windows..." does that mean version 7 has this vulnerability as well?

If so, is there a patch for MX7 or do I need to upgrade?

If I need to upgrade, which would be the better choice - 8 or 9?

Many thanks in advance,

Richard


    August 13, 2010

    It does not appear that CF7 is still supported by Adobe. It is not listed as a supported product (http://www.adobe.com/support/programs/policies/supported.html).

    If you have the option to upgrade I would go with the latest version of CF.

    Alternately you could work around the vulnerability by not deploying the CFIDE/Administrator directory to your production web servers.

    RichardG (Author)
    August 13, 2010

    Nuts.

    Do you think an acceptable alternative would be to require Windows Authentication and disallow anonymous access to that directory (if I understand that correctly)?

    JR__Bob__Dobbs (Correct answer)
    August 13, 2010

    Using Windows authentication is better than the default username/password security, but my preference is to only deploy the administrator directory when I need to make a change to the server (such as adding a data source). I remove the directory when I'm done. I figure the administrator directory can't be hacked if it isn't on the server to begin with.

    If you choose windows authentication I would also recommend that you configure your active directory server to lock out users after multiple login attempts with an invalid password. This will reduce your vulnerability to brute force attacks.
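As an added illustration, not part of the thread and not Adobe's guidance, this is one way to express the "Windows Authentication, no anonymous access" option discussed above on IIS 7 or later: a web.config dropped into the CFIDE/administrator physical directory. It assumes the authentication sections have been unlocked in applicationHost.config (they are locked by default, so this file is ignored until `overrideMode="Allow"` is set), and it complements rather than replaces removing the directory or applying the vendor hotfix.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Hypothetical web.config for the CFIDE/administrator directory only.
     Scope it to this folder; do not place it at the site root or the
     whole ColdFusion application will demand Windows credentials. -->
<configuration>
  <system.webServer>
    <security>
      <authentication>
        <!-- Weak default: anonymous reaches the CF admin login page directly.
             <anonymousAuthentication enabled="true" />  -->
        <anonymousAuthentication enabled="false" />
        <!-- Require a Windows/AD identity before the CF login page is served.
             AD lockout policy (as recommended above) then limits guessing. -->
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
```

Verify the effect from a non-domain client: an unauthenticated GET to /CFIDE/administrator/ should return 401 rather than the ColdFusion login form.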