cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Are Linux servers also vullnerable to apsb 11-14?

wl2545
New Here ,
Apr 29, 2014 Apr 29, 2014

Are Linux servers also vulnerable to apsb 11-14?  Only Windows, Mac's, and UNIX systems are listed in the alert.  We are running CF 9.0

676
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 8 Replies 8
latest latest Jump to latest reply
pete_freitag
Enthusiast ,
Apr 29, 2014 Apr 29, 2014

Yes linux servers also need to apply that patch. When they say UNIX, they are including: Linux, Solaris, AIX

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
nj040b
New Here ,
Apr 29, 2014 Apr 29, 2014
In Response To pete_freitag

We are running CF 9 on Linux. To remediate vulnerability (APSB11-14), we were given below link for fix:

http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb11-14.html

We followed the steps and finally when we started CF Admin, it was throwing error. It was looking for path in as in Windows like

'C:/{ColdFusionHome}/wwwroot ..........now the question is if the CFIDE or CF9 provided on this link also applicable for Linux too?If so, do we need to do any customization?

Moreover if you look at step 9 for this:

Go to {ColdFusion-Home}/wwwroot/WEB-INF directory and make a backup of WEB-INF folder.

above path is using wwwroot which I guess comes in Windows.

If somebody knows a separate link for APSB11-14 for Linux or can guide us if we are missing something on above link, please let me know.

Thanks

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pete_freitag
Enthusiast ,
Apr 29, 2014 Apr 29, 2014
In Response To nj040b

On linux {ColdFusion-Home} would be /opt/coldfusion9 or something like that by default. It still does have the wwwroot folder, you can find WEB-INF by running: find /opt | fgrep WEB-INF

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
nj040b
New Here ,
Apr 29, 2014 Apr 29, 2014
In Response To pete_freitag

thanks Peter for your response!

I checked again and found -- in our dev box there are two instances --- dev and test...but in coldFusion home there is no wwwroot folder, but in prod box where only one instance is running has the one. Any idea to let wwwroot off on dev box? I am not sure how adding wwwroot to dev box will impact application.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pete_freitag
Enthusiast ,
Apr 29, 2014 Apr 29, 2014
In Response To nj040b

Sounds like you have a Multiserver/J2EE/JRun install type on your dev box, and a standard install on the production server. Those result in a different folder structure.   So just ignore the wwwroot/WEB-INF and just look for the WEB-INF folder, there should only be one WEB-INF folder per instance. You don't need to create a wwwroot folder.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
nj040b
New Here ,
Apr 29, 2014 Apr 29, 2014
In Response To pete_freitag

yes, we have multi server installation.Now I got confused in this step

Extract all files in CFIDE-9.zip to the web root directory that has {CFIDE-HOME} folder

should I extract these to {CFIDE-HOME} or one level up?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
nj040b
New Here ,
Apr 29, 2014 Apr 29, 2014
In Response To nj040b

I understood above one. please disregard. Now I performed all the steps and started CF server. CF Admin has come up fine. Still is there any way I can check if the hotfix installed successfully?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
nj040b
New Here ,
Apr 29, 2014 Apr 29, 2014
LATEST
In Response To nj040b

I see this in CF admin:

Update Level {CFHOME}/WEB-INF/cfusion/lib/updates/hf900-00003.jar   

I think this tells me hotfix applied successfully....

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices