Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| Macromedia ColdFusion MX 6.1 Access Control Flaw Lets Objects Bypass Sandbox Security |
|---|
Categorie: Vulnerability
Posted: 2004-01-29 by ReCall
Views: 370
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in Macromedia's ColdFusion. A Java object can bypass the sandbox security features.
It is reported that a remote authenticated user can create Java objects that can instantiate classes without using CreateObject() or tags, thereby bypassing the ColdFusion MX 6.1 sandbox security features.
The vendor reports that ColdFusion MX (aka version 6.0) and ColdFusion MX 6.1 Standard Edition are not vulnerable.
Macromedia has assigned a "critical" severity rating to this issue.
Impact: A remote authenticated user (with privileges to create Java objects on the target system) can bypass sandbox security restrictions to access data and functions belonging to other objects.
Solution: Macromedia has released the Sandbox Security patch (7 KB ZIP) for ColdFusion MX 6.1, available at:
http://download.macromedia.com/pub/security/mpsb04-01.zip
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=686
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
