Christian Cantrell: Patch Available For ColdFusion MX Enterprise Edition Sandbox Security Issue

« Some Tips on Installing JRun 4 and CFMX on OS X | Main | Unscheduled Downtime »

January 11, 2003

Patch Available For ColdFusion MX Enterprise Edition Sandbox Security Issue

The <cfinclude> tag and the <cfmodule> tag will accept filenames with relative paths as arguments. ColdFusion MX does not check the Sandbox Security Files/Dirs permissions before including files with these tags. This could allow a template to access unauthorized data using these tags.

Find out more (and download the patch) at the URL below:
http://www.macromedia.com/v1/handlers/index.cfm?ID=23638

Posted by cantrell at January 11, 2003 9:10 PM