ColdFusion MX 7.0.1 and 7.0.2: AdminAPI security update
Issue
The ColdFusion MX 7 AdminAPI allows you to create CFML that duplicates all functionality of the ColdFusion administrator. All access to the AdminAPI should start with an authentication function to keep ColdFusion secure. Methods exist that call the AdminAPI without first calling this authentication function.
Solution
Adobe has released a security bulletin that includes a patch to resolve this issue. Download the ZIP file to your ColdFusion server and install the update as follows:
Windows:
Unzip the file into the webroot where /CFIDE/administrator exists. Generally, this is \inetpub\wwwroot on Windows running IIS. Make sure the 'Use Folder Names' option is checked.
Confirm that all of the *.CFC files in the /CFIDE/adminapi directory have been updated.
Linux and Solaris:
Extract using the unzip command.
unzip -d web_root HF702-APSBO6-11.zip
For example: unzip -d /opt/apache2/htdocs HF702-APSBO6-11.zip
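The confirmation step above can be scripted on Linux and Solaris by comparing each file in the archive with the installed copy. This is an added example, not part of Adobe's technote; the function names are hypothetical, and it assumes the archive's paths are relative to the web root.

```shell
#!/bin/sh
# Added example: check that every file shipped in the hotfix archive is
# byte-identical to the copy installed under the web root.

# compare_trees EXTRACTED_DIR WEB_ROOT
# Prints one line per file that is missing or differs. Returns 0 only if
# every file in EXTRACTED_DIR matches its counterpart under WEB_ROOT.
compare_trees() {
    src=$1
    web_root=$2
    status=0
    list=$(mktemp) || return 2
    # Relative paths of all files in the extracted hotfix.
    (cd "$src" && find . -type f) > "$list" || { rm -f "$list"; return 2; }
    if [ ! -s "$list" ]; then
        echo "EMPTY   no files found in $src"
        rm -f "$list"
        return 2
    fi
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$web_root/$rel" ]; then
            echo "MISSING $rel"      # file was never extracted here
            status=1
        elif ! cmp -s "$src/$rel" "$web_root/$rel"; then
            echo "STALE   $rel"      # pre-patch copy is still in place
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return $status
}

# verify_hotfix ZIP WEB_ROOT
# Extracts the archive to a scratch directory and compares it to WEB_ROOT.
verify_hotfix() {
    zip=$1
    web_root=$2
    tmp=$(mktemp -d) || return 2
    unzip -q -d "$tmp" "$zip" || { rm -rf "$tmp"; return 2; }
    compare_trees "$tmp" "$web_root"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage: verify_hotfix HF702-APSBO6-11.zip /opt/apache2/htdocs
```

A non-zero exit status with STALE or MISSING lines usually means the archive was extracted into the wrong directory or without its folder structure.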
Additional Information
Doc ID: 287ec799
Last updated: 2006-08-10