Pete Freitag Pete Freitag

Pete Freitag's Homepage

ColdFusion searchImplicitScopes and APSB24-14

Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read"....

Lucee RCE Vulnerabilities February 2024

Last week security researchers from Project Discovery published details on three Lucee vulnerabilities:...

DNS over HTTPS is not what I thought

A few months ago I was on a mission to remove some of the old broken links on my blog. I started blogging back in 2002, so many of the sites that I linked to twenty years ago were no longer active, or no longer under the same ownership....

Remove the Server Header in any IIS Version

Removing the Server Header as of IIS 10 (the version of IIS installed by default on Windows Server 2016, 2019 or 2022) is now much easier than it had been with prior versions of IIS....

Self Signed Certificates in Edge on Windows 2022

When setting up a server for training purposes I wanted to create a self signed certificate for app1.example.com and trust it in Edge on Windows Server 2022....

The newline cat mystery

I ran into a really strange problem today, whenever I would write a file it would show up as empty on my file system....

Ticket to ColdFusion Summit 2023

The Adobe ColdFusion Summit is coming up in October. I will be speaking at the conference, and my company Foundeo is also one of the conference sponsors....

Into The Box 2023 Slides

I'm back from Houston Texas after another great Into the Box conference. Slides for my talk Taming the top 25 Most Dangerous Software Weaknesses can be found here....

File Created Date Time in ColdFusion / CFML

Today I needed to get the time that a file was created from within some CFML code. I had first thought that cfdirectory or directoryList would return this, but it only returns the date the a file was modified, not the date that it was created....

Speaking at ColdFusion Summit Online Next Week

I will be giving my talk Taming the Top 25 Most Dangerous Software Weaknesses (for ColdFusion Developers) next Tuesday, December 6th 2022 at 1pm US Eastern Time. You will need to register with Adobe to join, it's free....

OpenSSL and ColdFusion / Lucee / Tomcat

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL....

ColdFusion Security Training Class December 2022

Early bird registration is open for my ColdFusion Security Training deep dive class in December. If you've ever attended one of my conference sessions on ColdFusion Security at Adobe ColdFusion Summit or Into The Box (or even cf....

CFBreak
The weekly newsletter for the CFML Community