Security Hotfix APSB13-03
I am trying to install secruity hotfix on Red Hat 5 server running coldfusion 9.0. I am having trouble with the .zip files... Any suggestions?
What does "having trouble with the .zip files" mean?
Similar Messages
-
How do I know if security hotfix APSB13-13 has been applied? My version is 9.0.1.274733
How do I know if security hotfix APSB13-13 has been applied? My version is 9.0.1.274733
With APBS13-13 applied CFAdmin System Information would report:
Server Details
Server Product ColdFusion
Version 9,0,1,274733
Update Level /C:/ColdFusion9/lib/updates/hf901-00010.jar
HTH, Carl. -
CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???
Hello; I have a question regarding the Coldfusion Security Bulletin APSB13-03 for ColdFusion 10, 9.0.2, 9.0.1 and 9.0.
Is this hotfix also availablefor Coldfusion 8.01? We use the Coldfusion 8.01 enterprise version.
Patched on the last available hotfix APSB12-21 -> Security update: Hotfix available for ColdFusion 10 and earlier.
By regulary scanning our systems a finding regarding CVE-2013-0632 was found by the scanners, to resolve with APSB13-03.
Is APSB13-03 available for Coldfusion 8.01? Core support ends 7/31/2012 (the last hotfix for cf 8 wa from 11/2012!)
But extended Support reaches until 7/31/2014.
frankThanks;
You wrote exactly my thoughts )
Mit freundlichen Grüßen
Frank Winkelmann
Siemens AG
Corporate Information Technology
Corporate Automation
CIT CA HS 1 4
Hugo-Junkers-Str. 9
90411 Nürnberg, Deutschland
Tel. Geschäftlich: 091145051290
Tel. Mobil: 015254690615
mailto:[email protected]
Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Gerhard Cromme; Vorstand: Peter Löscher, Vorsitzender; Roland Busch, Brigitte Ederer, Klaus Helmrich, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen, Michael Süß; Sitz der Gesellschaft: Berlin und München, Deutschland; Registergericht: Berlin Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE 23691322
Von: Adam Cameron. [email protected]
Gesendet: Mittwoch, 29. Mai 2013 12:29
An: Winkelmann, Frank
Betreff: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???
Re: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???
created by Adam Cameron.<http://forums.adobe.com/people/Adam+Cameron.> in ColdFusion - View the full discussion<http://forums.adobe.com/message/5361018#5361018 -
HI,
I have installed Cumulative Update 12 for SQL Server 2008 R2 SP2 on my SharePoint instances. This was to resolve a known issue faced with the instance. CU12 helped resolve the issue. My company is rather strict regarding security hotfixes. But I am
not sure if this particular hotfix [Security Hotfix (KB2977319)] is required if the instance has CU12 applied.
Tested this on a Lab server, the installation did run fine, the summary log also stated that the KB is applied. But the Build Number did not change. Hence the doubt.
Overall summary:
Final result: Passed
Exit code (Decimal): 0
Exit message: Passed
Start time: 2014-09-06 10:31:21
End time: 2014-09-06 10:55:49
Requested action: Patch
Instance SPNTSQLTRN overall summary:
Final result: Passed
Exit code (Decimal): 0
Exit message: Passed
Start time: 2014-09-06 10:48:08
End time: 2014-09-06 10:55:45
Requested action: Patch
Package properties:
Description: SQL Server Database Services 2008 R2
ProductName: SQL2008
Type: RTM
Version: 10
SPLevel: 2
KBArticle: KB2977319
KBArticleHyperlink: http://support.microsoft.com/?kbid=2977319
PatchType: QFE
AssociatedHotfixBuild: 0
Platform: x64
PatchLevel: 10.52.4321.0
ProductVersion: 10.52.4000.0
GDRReservedRange: 10.50.4001.0:10.50.4199.0;10.50.4200.0:10.50.4250.0
PackageName: SQLServer2008-KB2977319-x64.exe
Installation location: e:\ac2af22d88ee645b5b32b5c178\x64\setup\
Please inform if I need to apply the hotfix on CU12. Thanks in advance.
John SYes you must install Security update mentioned in KB 2977319 it is important for SQL Server to be patches with this security update. Without this it could allow an attacker to compromise your system and gain control over it.
Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
My Technet Articles -
Where can I find the latest security hotfix for CF 9.0.2?
ZDNet announces there is a security hotfix for ColdFusion but provides no link to where I can read about it or download it. I go to the Adobe site and look for it by browsing and searching and can't find it. It's been hidden well.
Maybe the ZDNet announcement was made prior to Adobe updating their website? Or maybe I just can't find what is obvious for others.Adobe published it yesterday, you just have to know where to look: http://helpx.adobe.com/security.html is always updated with the latest from the Adobe Security team. More specifically you are looking for this: http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
Pete Freitag
Foundeo Inc. - Makers of HackMyCF -
We are trying to patch our ColdFusion instances (v9, 9.0.1 and 9.0.2) up to the latest version, but the links at this advisory all 404:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb14-23.html
Does anyone know where I can download the updates please?
I have tried emailing '[email protected]' and '[email protected]' but have not had any response.Adobe no longer supports ColdFusion 9 (it End-of-Lifed in December). There is a community repository run by Gavin Pickin which has ColdFusion installers and patches that may help though.
-Carl V. -
Security hotfix APSB07-02 installation fails
I have followed the instructions given at
http://www.adobe.com/support/security/bulletins/apsb07-02.html
to apply the security hotfix APSB07-02 to my CF7.0.2 standalone
server, but when entering:
java -Dtrace.ci=1 -jar wsconfig.jar -upgrade -v
into the command prompt as instructed, I get the following
error:
'java' is not recognized as an internal or external
commandAdobe's instructions are rarely correct, you have to be a
mind reader or know the product inside out to decipher them, so I
don't blame you for finding an issue with the instructions.
Anyway, I would try and run the command like this:
drive:\{cfmx_root}\runtime\jre\bin\java -Dtrace.ci=1 -jar
wsconfig.jar -upgrade -v
FROM the directory that the wsconfig.jar file is in. So if
your wsconfig.jar is in the directory {cfmx_root}\runtime\lib, use
cmd prompt to navigate to that directory and then run the above
command line.
Be sure to back up your existing wsconfig.jar file BEFORE
doing anything else. -
Security hotfix APSB11-04 - CF8 and log4j.properties
Hi,
I have been reviewing the Tech Notes for the security hotfix at http://kb2.adobe.com/cps/890/cpsid_89094.html which for CF 8.01 talks about backing up and replacing the log4j.properties file. I can't locate this on any of our CF 8.01 servers, so wondering if this is a mistake in the tech note and should have only applied to CF 9. Can I skip the step all together or do I still need to copy the file from the downloaded hotfix to the suggested location?
Thanks
MeintHi Meint,
My CF8.0.1 does not have log4j.properties file either tho CF9.0.1 has.
HTH, Carl. -
Security Hotfix APSB10-04 Breaks our SOLR service
We installed APSB10-04 when we built our new CF9 web servers this past spring.
On our servers the Solr server has never worked. The service will just immediately stop every time it is started with no notification or logging.
Building a lab system a couple of weeks ago, I noticed that Solr stops working when applying the APSB10-04 Security Hotfix.
I presume the problem is with the IP number in the properties node that we are instructed in the hot fix documentation.
<Set name="Host"><SystemProperty naem="jetty.host" default="127.0.0.1"/></Set>
The local loopback ip of 127.0.0.1 does not go anywhere on these servers. But I also tried the boxes specific IP address to no good effect.
Commenting out the line, and the Solr service will start just fine. Added it with either 127.0.0.1 OR 10.104.106.39 and the Solr service will not start.
Any suggestions appreciated
IanI don't know how many times I looked at this, I even posted it here in the original post! But there is a typo in this line:
<Set name="Host"><SystemProperty naem="jetty.host" default="127.0.0.1"/></Set>
Fixing "<SystemProperty naem" to "<SystemProperty name" fixed the problem on this server straight away.
What was really missleading me was that both the development and production servers where suffering the same problem! But it was a completely different and distinct typo on the production server causing the problem there.
<Set name="port"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set>
Fixing '<Set name="port"' to '<Set name="host"' fixed the production server!
Lesson Learned: Cut and Paste WHENEVER POSSIBLE! -
Coldfusion Security hotfix hf901-00002 - esapiconfig log error
Just patched two new CENTOS 5.5 servers running jrun/CF EE 901 installs. Start up trace message throws errors for:
java.io.FileNotFoundException: ../logs/esapiconfig.log affecting log4j
Manually added the missing log file - still no joy.
Any ideas?The security hotfix was updated on March 7th, see http://www.petefreitag.com/item/787.cfm I think the update resolves this issue
-
Multiple row insert not working as before after applying hotfix apsb13-13
Coldfusion 9.01
Windows Server 2003
Microsoft Access database (yeah, we know)
Before the hotfix was applied, we could add multiple rows (anywhere from 1-100 or more) and now we're limited to 15 rows at a time after applying the hotfix. We've narrowed it down to the hotfix being the culprit as we had to rebuild the server not to long after this hotfix was applied (~ 1 month) and the multiple row inserts were once again working fine until we got to the point of applying this hot fix again.
Anyone heard of this happening? Any ideas how to correct?
Thanks in advance,
fmHelp
Below is code of how we're doing the multiple row insert (it's performed over 3 pages):
Page 1
<cfform name="form1" method="post" action="handler.cfm?page=update_2">
<input type="hidden" name="sProductID" value="<cfoutput>#qProducts.sProductID#</cfoutput>">
<table width="100%" border="0" cellspacing="3" cellpadding="3">
<tr>
<th scope="row" colspan="2" align="center">Update an Inventory Product</th>
</tr>
<tr>
<th width="42%" scope="row">Product ID</th>
<td width="58%"><cfoutput>#qProducts.sProductID#</cfoutput></td>
</tr>
<tr>
<th width="42%" scope="row">Friendly Name</th>
<td width="58%"><cfoutput>#qProducts.sFriendly_Name#</cfoutput></td>
</tr>
<tr>
<th width="42%" scope="row">Description</th>
<td width="58%"><cfoutput>#qProducts.sDescription#</cfoutput></td>
</tr>
<tr>
<th width="42%" scope="row">Vendor</th>
<td><select name="sVendor">
<cfoutput><option value="#qProducts.sVendor#">#qProducts.sVendor#</option></cfoutput>
<option value=""></option>
<cfoutput query="qVendor">
<option value="#sVendor#">#sVendor#</option>
</cfoutput>
</select></td>
</tr>
<tr>
<th scope="row">Order No.</th>
<td><cfinput name="sOrder_No" type="text" value="" required="yes" message="Order number is a required field."></td>
</tr>
<tr>
<th scope="row">Lot No.</th>
<td><input name="sLot" type="text" value=""/></td>
</tr>
<tr>
<th scope="row">Date Expires</th>
<td><input name="dtExpire" type="text" value=""/></td>
</tr>
<tr>
<th scope="row">Boxes received</th>
<td><input name="iBoxes" type="text" value="" /></td>
</tr>
<tr>
<th scope="row">Doses/Units</th>
<td><input name="pcount" type="text" value="" /></td>
</tr>
<tr>
<th scope="row">Note</th>
<td><cfoutput>#qProducts.sNote#</cfoutput></td>
</tr>
<tr>
<th scope="row"> </th>
<td> </td>
</tr>
<tr>
<th scope="row" colspan="2" align="center"><input type="submit" value="Submit" /></th>
</tr>
</table>
</cfform>
</table>
Page 2
<form name="form1" method="post" action="handler.cfm?page=update_3">
<cfoutput><input type="hidden" name="pcount" value="#FORM.pcount#"></cfoutput>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="6" align="left">Record count (Doses/Units)= <cfoutput>#FORM.pcount#</cfoutput></td>
</tr>
<tr>
<td>Product ID</td>
<td>Vendor</td>
<td>Order No.</td>
<td>Lot No.</td>
<td>Expiration Date</td>
<td>Num. of Boxes</td>
</tr>
<cfset Peoplecount = 0>
<cfloop index="Add" from="1" to="#form.pcount#" step="1">
<tr>
<cfset Peoplecount = PeopleCount + 1>
<td><input <cfoutput> value="#FORM.sProductID#" </cfoutput> name="sProductID_<cfoutput>#Peoplecount#</cfoutput>" type="text" id="sProductID_"></td>
<td><input <cfoutput>value="#FORM.sVendor#"</cfoutput> name="sVendor_<cfoutput>#Peoplecount#</cfoutput>" type="text" id="sVendor_"></td>
<td><input <cfoutput> value="#FORM.sOrder_No#" </cfoutput> name="sOrder_No_<cfoutput>#Peoplecount#</cfoutput>" type="text" id="sOrder_No_"></td>
<td><input <cfoutput>value="#FORM.sLot#"</cfoutput> name="sLot_<cfoutput>#Peoplecount#</cfoutput>" type="text" id="sLot_"></td>
<td><input <cfoutput> value="#DateFormat(FORM.dtExpire, 'MM/DD/YY')#" </cfoutput> name="dtExpire_<cfoutput>#Peoplecount#</cfoutput>" type="text" id="dtExpire_"></td>
<td><input <cfoutput>value="#FORM.iBoxes#"</cfoutput> name="iBoxes_<cfoutput>#Peoplecount#</cfoutput>" type="text" id="iBoxes_"></td>
</tr>
</cfloop>
<tr>
<td> </td>
<td>
<input type="submit" name="Submit" value="Submit">
<input name="HowMany" type="hidden" id="HowMany" value="<cfoutput>#Form.pcount#</cfoutput>">
</td>
</tr>
</table>
</form>
</table>
Page 3
<cfquery name="qGetOnHand" datasource="#variables.DSNCI#">
SELECT *
FROM Products
WHERE sProductID = '#session.sProductID#'
</cfquery>
<cfquery datasource="#variables.DSNCI#">
UPDATE Products
SET iOnHandQty = (#FORM.pcount# + #qGetOnHand.iOnHandQty#)
WHERE sProductID = '#session.sProductID#'
</cfquery>
<cfset quantity = #FORM.pcount#>
<cfset Pcount = 0>
<!-- Start Loop -->
<cfloop index="Add" from="1" to="#form.howmany#" step="1">
<cfset Pcount = Pcount + 1>
<cfset Product = "Form.sProductID_#Pcount#">
<cfset Product = Evaluate(Product)>
<cfset Vendor = "Form.sVendor_#Pcount#">
<cfset Vendor = Evaluate(Vendor)>
<cfset Order = "Form.sOrder_No_#Pcount#">
<cfset Order = Evaluate(Order)>
<cfset Lot = "Form.sLot_#Pcount#">
<cfset Lot = Evaluate(Lot)>
<cfset Expires = "Form.dtExpire_#Pcount#">
<cfset Expires = Evaluate(Expires)>
<cfset Boxes = "Form.iBoxes_#Pcount#">
<cfset Boxes = Evaluate(Boxes)>
<cfquery datasource="#variables.DSNCI#" name="InsertData">
Insert into Received_History (sProductID, sVendor, sOrder_No, sLot, dtExpire, iBoxes, dtReceived)
values ('#Product#', '#Vendor#', '#Order#', '#Lot#', <cfif Expires IS "">NULL<cfelse>#CreateOdbcDate(Expires)#</cfif>, #Boxes#, #CreateOdbcDate(Now())#)
</cfquery>
</cfloop>Rasi wrote:show your complete default.pa (also make sure that you dont override pulse settings in ~/.config/pulse) this setting should allow sound for ANY user - i just tried it and it works
also: of course you restarted pulseaudio?
I restarted pulseaudio and my computer.
My default.pa is displayed in the first post.
My files in /etc/pulse:
> ls -la /etc/pulse
total 28
drwxr-xr-x 1 root root 116 May 16 10:22 .
drwxr-xr-x 1 root root 3740 May 16 10:47 ..
-rw-r--r-- 1 root root 1269 Mar 3 21:31 client.conf
-rw-r--r-- 1 root root 2348 Oct 8 2013 daemon.conf
-rw-r--r-- 1 root root 5756 May 16 10:24 default.pa
-rw-r--r-- 1 root root 5718 Oct 8 2013 default.pa.pacnew
-rw-r--r-- 1 root root 2112 Oct 8 2013 system.pa
-la
My files in ~/.config/pulse:
> ls -la ~/.config/pulse
total 1048
drwx------ 1 homeuser homeuser 660 Sep 12 2013 .
drwx------ 1 homeuser homeuser 1054 Apr 24 14:06 ..
-rw-r--r-- 1 homeuser homeuser 40960 Oct 17 2013 1a8726d55f9140ae9d95dc512eacea67-card-database.tdb
-rw-r--r-- 1 homeuser homeuser 43 May 16 10:37 1a8726d55f9140ae9d95dc512eacea67-default-sink
-rw-r--r-- 1 homeuser homeuser 42 May 16 10:37 1a8726d55f9140ae9d95dc512eacea67-default-source
-rw-r--r-- 1 homeuser homeuser 12288 May 16 10:49 1a8726d55f9140ae9d95dc512eacea67-device-volumes.tdb
lrwxrwxrwx 1 homeuser homeuser 23 Sep 12 2013 1a8726d55f9140ae9d95dc512eacea67-runtime -> /tmp/pulse-cDmMRoO9oFBz
-rw-r--r-- 1 homeuser homeuser 12288 May 15 22:43 1a8726d55f9140ae9d95dc512eacea67-stream-volumes.tdb
-rw------- 1 homeuser homeuser 256 Jun 15 2013 cookie
-rw-r--r-- 1 homeuser homeuser 331776 Jun 21 2013 equalizer-presets.tdb
-rw-r--r-- 1 homeuser homeuser 659456 Sep 20 2013 equalizer-state.tdb
Thanks for your efforts. -
Loop while processing cfm pages after security hotfix APSB10-18 installation
Hi,
Everything is in the title...
I've followed the instructions on http://kb2.adobe.com/cps/857/cpsid_85766.html to fix security issue... but after replacing the two files, my .Cfm pages are no longer accessible...
Is it a known issue or what's wrong ? I've read all the coldfusion server log and found no errors :'(
My server is Centos 5 and my Coldfusion Server is 9.0.1
thanks in advance
FrancoisHave you got a request timeout set in CFAdmin? It seems strange that the request doesn't get cancelled at any point.
If the CPU & RAM aren't reacting to this "looping" at all, do you have any evidence that CF is even receiving the request?
What do you get if you put an HTML file in that subdir, and browse to that?
What happens if you put a bogus CFML tag in test.cfm, eg <cfthiswillnotcompile>, and rehit the page?
Adam -
Security Hotfix APSB10-18 for MX7 ?
I just read about the the APSB10-18 Vulnerability (http://www.adobe.com/support/security/bulletins/apsb10-18.html).
Since it says it is "... identified in ColdFusion 9.0.1 and earlier versions for Windows..." does that mean version 7 has this vulerability as well?
If so, is there a patch for MX7 or do I need to upgrade?
If I need to upgrade, which would be the better choice - 8 or 9?
Many thanks in advance,
RichardWelll, to answer my own question, after some testing, this is all that is needed to re-enable the validation functionality.
C:\Inetpub\wwwroot\CFIDE\scripts
My concern however is whether deleting all other CFIDE subfolders will take care of this problem, or does the exploit sonehow access other core functionality of Coldfusion.
I'm scared. -
We've applied the patch for CVE 2009-1876 and we're getting the expected response "Macromedia JRun 4.0 (Build 108785)"
However, checking cfserver.log after CF restarts, we get this message "Starting Macromedia JRun 4.0 (Build 108673), coldfusion server".
Is this expected?
Are there any other ways to check if the patch has been applied properly?
Many thanks!Hi Kedalen,
The effect of the SQL server hotfix for SAP B1 db seems not much as far as I know.
But if you want to know more detail, you must test it first in the server test
Rgds,
JM -
Problem with installing Coldfusion Hotfix APSB13-10
I am using Coldfusion 9.0 and have downloaded the required files CF9.zip and CFIDE-9.zip and extracted them. I cannot find the file 'WEB-INF.zip' file in the CF9 directory referenced in the instructions. The only update file in the CF9 directory is 'hf900-00010.jar'. Where can I get this file? I don't know if I can proceed without it. I'm partly through the fix and am now concerned about any reboot without fully completing the fix.
Hi,
You don't need the WB-INF.zip to be updated. You only need to update the jar file from CF9/lib/updates and the Extract all the files in CFIDE-9.zip to merge in the web root directory that has {CFIDE-HOME} directory. If you follow the instructions step by step, you should not face any issue.
Regards,
Anit Kumar
Maybe you are looking for
-
I just want to know in what kind of mapping requirements we can go with xslt mapping which is not supported in graphical mapping? Please help me with few mapping requirements which is not supported in graphical mapping but we can achive using xslt ma
-
After installing itunes on my pc i get an error that says that i have to uninstall and reinstall itunes. I finally got it to down load and now it says that I need an upgrade. It's getting very frustrating as I've never had this kind of trouble.
-
RA00 Discount on net, RA01 Discount on Gross
Hi I am trying to have a discount in the purchasing order, I used RA00, but I don t know exactelty the difference between RA00 RA01. practically they seem similar when I use them. please provide a concrete example to explain me the difference betewee
-
Connecting External Hard Drive
I have recently purchased a Western Digital MyBook external USB hard drive and cannot get it to mount through the airport extreme base station to my desktop. On my laptop it recognizes the HD immediately through wireless when I turn the computer on.
-
Instcoll.exe claims wrong minor MSSQL Version during WAS 6.4 install
Everytime I try to apply the instcoll.exe patch on my Database Server (MSSQL 2000 SP3) the patch states that it needs 8.0.780 instead of 8.0.760 to make the nesessary changes in order to install SAP. Is there a another version of instcoll.exe that wo