ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only

coldfusion There has been some confusion over the ColdFusion web server connector (wsconfig.jar) hotfix CVE-2009-1876 which is part of Adobe Security Bulletin APSB09-12.

Whether or not this hotfix is required on IIS has been a question posed by many.

This entry was:

ColdFusion Security Hotfixes Released

coldfusion Adobe posted several critical hotfixes for ColdFusion and JRun yesterday in Security Bulletin APSB09-12.

I discovered one of the XSS vulnerabilities, and I will post details about it soon. In the mean time, please patch your servers.

This entry was:

Security Tradeoffs

misc I've said it before, tradeoff's pop up in programming all the time. They are often difficult decisions, with no easy answer, and we often make the wrong decision.

This entry was:

Creating a Derby Datasource with ColdFusion Admin API

coldfusion databases I am working on some example code for some CFUG managers who are demoing our ColdFusion WAF product at their groups. I wanted the demo to be very easy to setup, so I decided to use Apache Derby for the database, since it is embedded with CF8.

This entry was:


did you hack my cf?