cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

CVE-2009-1872 Hotfix Incorrect Instructions??

bmelendy
New Here ,
Aug 22, 2009 Aug 22, 2009

The instructions for CVE-2009-1872, CVE-2009-1877 located here:

http://download.macromedia.com/pub/coldfusion/updates/ReadMe_1872_1877.txt

It says clearly on step 4 that:

"4) From the downloaded CFIDE copy cf_debugFr.cfm to <cfwebroot>\CFIDE\debug\ and _logintowizard.cfm to <cfwebroot>\CFIDE\wizards\common."

I have downloaded the archive in question twice from:

http://download.macromedia.com/pub/coldfusion/updates/702/CF7.0.2.zip

and the file is missing the \wizards\ folder and of course the _logintowizard.cfm file.

Adobe, what do I do here?

CFIDE7.0.2.zip
2 KB
2.0K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 4 Replies 4
latest latest Jump to latest reply
DaveF67
Explorer ,
Aug 25, 2009 Aug 25, 2009

http://download.macromedia.com/pub/coldfusion/updates/8/CFIDE-8.zip

This has the missing file.

Discussion can be found here:

http://forta.com/blog/index.cfm/2009/8/17/ColdFusion-And-JRun-Security-Hotfixes-Posted#c4DCF8A94-3048-80A9-EF9B6E8116427611

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
bmelendy
New Here ,
Aug 25, 2009 Aug 25, 2009
In Response To DaveF67

But will this address the 7.x servers as well?  The archive indicates 8.x servers.

Isn't Adobe going to fix this?  If this is a serious security risk, why isn't there a complete patch file that will fix it?  I'm wondering if Adobe monitors these forums at all?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Ubqtous-ccgIFR
New Here ,
Sep 01, 2009 Sep 01, 2009
In Response To bmelendy

The Adobe ZIP has been fixed and now includes both cf_debugFr.cfm and _logintowizard.cfm:

http://download.macromedia.com/pub/coldfusion/updates/702/7_0_2.zip

http://www.adobe.com/support/security/bulletins/apsb09-12.html

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
rmalle01
New Here ,
Apr 15, 2014 Apr 15, 2014
LATEST
In Response To Ubqtous-ccgIFR

The link to download the zip for this update does not work.  Can you provide a new one?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices