{"id":332,
"date":"2005-12-20T03:28:17",
"date_gmt":"2005-12-19T20:28:17",
"guid":{"rendered":""},
"modified":"2005-12-20T03:28:17",
"modified_gmt":"2005-12-19T20:28:17",
"slug":"coldfusion-holes-allow-security-bypass",
"status":"publish",
"type":"post",
"link":"https:\/\/deepquest.code511.com\/blog\/2005\/12\/coldfusion-holes-allow-security-bypass\/",
"title":{"rendered":"ColdFusion Holes Allow Security Bypass"},
"content":{"rendered":"<p>Flaws have been found in multiple versions of Adobe Systems Inc.&#8217;s Macromedia ColdFusion that could allow remote or local attackers to bypass security restrictions. Malicious local users can also disclose potentially sensitive information.<!--more--><\/p>\n<p>One of the flaws, which Secunia has dubbed moderately critical, is in the Sandbox Security function. It fails silently without giving an exception when ColdFusion is running on a JRun 4 cluster member with the Java SecurityManager disabled.<\/p>\n<p>According to the alert, this could allow the bypass of some security controls in applications that rely on Sandbox Security.<\/p>\n<p>Another flaw has to do with an input validation error when handling the &#8220;Subject&#8221; field of the CFMAIL tag. The flaw &#8220;can be exploited in an application that uses the tag to attach arbitrary files and send mails with any content,&#8221; according to Secunia&#8217;s advisory.<\/p>\n<p>More from <a href=\"http:\/\/www.eweek.com\/article2\/0,1895,1902746,00.asp\">eWeek<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>ColdFusion Holes Allow Security Bypass, Info Exposure<\/p>\n","protected":false},
"author":1,
"featured_media":0,
"comment_status":"open",
"ping_status":"open",
"sticky":false,
"template":"",
"format":"standard",
"meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},
"categories":[3],
"tags":[],
"class_list":["post-332","post","type-post","status-publish","format-standard","hentry","category-security"],
"jetpack_featured_media_url":"",
"jetpack_sharing_enabled":true,
"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-5m",
"_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=332"}],"version-history":[{"count":0,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/332\/revisions"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/categories?post=332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/tags?post=332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}