ColdFusion MX 7.0.1 and 7.0.2: AdminAPI security update
Issue
The ColdFusion MX 7 AdminAPI allows you to create CFML that duplicates all functionality of the ColdFusion administrator. All access to the AdminAPI should start with an authentication function to keep ColdFusion secure. Methods exist that call the AdminAPI without first calling this authentication function.
Solution
Adobe has released a security bulletin that includes a patch to resolve this issue. Download the ZIP file to your ColdFusion server and install the update as follows:
Windows:
Unzip the file into the webroot where /CFIDE/administrator exists. Generally, this is \inetpub\wwwroot on Windows running IIS. Make sure the 'Use Folder Names' option is checked.
Confirm that all of the *.CFC files in the /CFIDE/adminapi directory have been updated.
Linux and Solaris:
Extract using the unzip command.
unzip -d web_root HF702-APSBO6-11.zip
For example: unzip -d /opt/apache2/htdocs HF702-APSBO6-11.zip
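One way to carry out the "confirm that all of the *.CFC files have been updated" step on either platform is to compare each .cfc file in the downloaded archive with the copy under the web root. This is an added example, not code from Adobe or from the hot fix. It assumes the archive stores its files under CFIDE/adminapi relative to the web root, and the sample file names and contents in demo() are constructed.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def verify_hotfix(zip_path, web_root, subdir="CFIDE/adminapi"):
    """Map each .cfc under `subdir` in the archive to ok / stale / missing."""
    prefix = tuple(p.lower() for p in PurePosixPath(subdir).parts)
    results = {}
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            member = PurePosixPath(info.filename)
            parts = tuple(p.lower() for p in member.parts)
            if info.is_dir() or member.suffix.lower() != ".cfc":
                continue
            if parts[:len(prefix)] != prefix or ".." in parts:
                continue  # outside the AdminAPI directory, or an unsafe path
            deployed = Path(web_root).joinpath(*member.parts)
            if not deployed.is_file():
                results[info.filename] = "missing"
                continue
            same = (hashlib.sha256(deployed.read_bytes()).digest()
                    == hashlib.sha256(zf.read(info)).digest())
            results[info.filename] = "ok" if same else "stale"
    return results


def demo():
    """Constructed sample: three-file archive, web root with one stale, one missing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "wwwroot")
        api = root / "CFIDE" / "adminapi"
        api.mkdir(parents=True)
        archive = Path(tmp, "sample-hotfix.zip")  # constructed, not the real hot fix
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("CFIDE/adminapi/sample_a.cfc", b"patched a")
            zf.writestr("CFIDE/adminapi/sample_b.cfc", b"patched b")
            zf.writestr("CFIDE/adminapi/sample_c.cfc", b"patched c")
        (api / "sample_a.cfc").write_bytes(b"patched a")
        (api / "sample_b.cfc").write_bytes(b"unpatched b")
        return verify_hotfix(archive, root)


if __name__ == "__main__":
    import sys
    report = verify_hotfix(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for name, status in sorted(report.items()):
        print(f"{status:8} {name}")
    sys.exit(0 if report and all(s == "ok" for s in report.values()) else 1)
```

Run it with the archive path and the web root as its two arguments. A non-zero exit status means at least one AdminAPI file is missing or still differs from the archive copy.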
Additional Information
ColdFusion hot fixes (MX 7 and higher)
