Subscribe to only coldfusion security bulletins

Similar Messages

• Does ColdFusion : Security Bulletin APSB10-11 apply to MX 7.0.2

  I contacted adobe phone support and was directed to post my question to the forum because adobe doesn't provide phone support for server products.
  So, Does ColdFusion : Security Bulletin APSB10-11 apply to MX 7.0.2?
  In the Security Bulleting it reads like it does:
  Summary
  Important vulnerabilities have been identified in ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX. The vulnerabilities could lead to cross-site scripting and information disclosure.
  source: http://www.adobe.com/support/security/bulletins/apsb10-11.html
  However, there are no solutions in the technote:
  Issue
  Note: This technote and the attachments have been updated on 05/13/2010. All ColdFusion users should review the technote again. An issue when this security fix was applied with Cumulative Hot Fix 4 for ColdFusion 8.0.1 has been identified and resolved. The issue was caused by a naming conflict.
  ColdFusion 9.0, 8.0.1 and 8.0 are affected with the issue mentioned in the security bulletin APSB10-11. This technote provides fixes for the security issues along with the installation instructions.
  source: http://kb2.adobe.com/cps/841/cpsid_84102.html
  Additionally, does anyone know if Cold Fusion MX 7.0.2 is a supported product?
  Thank you any help will be benifitial.

  I contacted adobe phone support and was directed to post my question to the forum because adobe doesn't provide phone support for server products.
  I have had phone support from them, and they were quite helpful.  Do you mean they don't do free phone support?  No, they don't.
  I cannot believe they suggested you raise an issue on the forum.  That's just sh!t.  There's no other way of describing that.
  Additionally, does anyone know if Cold Fusion MX 7.0.2 is a supported product?
  http://www.adobe.com/support/products/enterprise/eol/eol_matrix.html#63
  Only for "Extended support", whatever that is.
  [searches]
  Hmmm... http://www.adobe.com/support/programs/policies/terms_customer.html:
  Extended Support. If version of software held by Customer at time of renewal has been end-of-lifed during the next renewal term, Customer may renew to Extended Support, provided that Extended Support is available for such software version.  Information about Software that has been or soon will be end-of-lifed and Extended Support availability dates by product version are published at www.adobe.com/support. If Customer elects to purchase Extended Support, the Annual Support Fee shall be twenty-five (25%) percent of the license fee paid for the Software (if such fee cannot be established, the percentage would be based on the then-current list price of the license fee for the Software), however in no event shall the amount be less than the last renewal prior to renewing under Extended Support.
  If extended support is renewed, the renewal fee would be the Annual Support Fee paid for the prior year increased by the applicable Consumer Price Index (CPI)*, for the 12-month period preceding the renewal date. Should Customer upgrade to the next major version of the Software (e.g., upgrade from 4.0 to 5.0), the Annual Support Fee for the upgraded version shall be the lesser of twenty percent (20%) of the then current list price of the license fee for such upgraded version, or the Annual Support Fee for the last renewal prior to renewing under Extended Support increased by the applicable Consumer Price Index (CPI)*, for the 12-month period preceding the renewal date.
  So there you go.  It's something you'd have to be paying for anyhow, and my reading of that is that it's too late to get it now anyhow.
  I think this will also mean that you're definitely out of luck in regards to any sort of patching going on for CFMX7.
  Adam

• Enabling ORM causes coldfusion.security.SecurityManager$UnauthenticatedCredentialsException

  I'm working on a Windows 2008 Enterprise server with ColdFusion 9 Standard datasourcing MySQL 5.1. When I enable ORM in my application.cfc I receive the following error:
  coldfusion.security.SecurityManager$UnauthenticatedCredentialsException
       at coldfusion.security.SecurityManager.authenticateAdmin(SecurityManager.java:1826)
       at coldfusion.featurerouter.handler.standard.StandardSecurityManager.authenticateAdmin(StandardSecurityManager.java:47)
       at coldfusion.sql.Executive.getDatasource(Executive.java:439)
       at coldfusion.orm.hibernate.HibernateConfiguration.initHibernateConfiguration(HibernateConfiguration.java:160)
       at coldfusion.orm.hibernate.HibernateConfiguration.<init>(HibernateConfiguration.java:141)
       at coldfusion.orm.hibernate.ConfigurationManager.initConfiguration(ConfigurationManager.java:69)
       at coldfusion.orm.hibernate.HibernateProvider.InitializeORMForApplication(HibernateProvider.java:182)
       at coldfusion.orm.hibernate.HibernateProvider.beforeApplicationStart(HibernateProvider.java:85)
       at coldfusion.filter.ApplicationFilter.fireBeforeAppStartEvent(ApplicationFilter.java:475)
       at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:221)
       at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
       at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
       at coldfusion.filter.PathFilter.invoke(PathFilter.java:87)
       at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
       at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
       at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
       at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
       at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
       at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
       at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:53)
       at coldfusion.CfmServlet.service(CfmServlet.java:200)
       at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
       at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
       at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
       at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
       at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
       at jrun.servlet.FilterChain.service(FilterChain.java:101)
       at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
       at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
       at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
       at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
       at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
       at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
       at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
       at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
       at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
  I have confirmed the following:
  CF 9 ORM does work on my development environment for this same application.
  This error only occurs when I enable ORM for the CF application on this server.
  I previously thought that the MySQL user for ColdFusion may not have valid permissions. However, giving that user all permissions still did not fix the error.
  ORM was working for this same application in the past. One conclusion may be an issue with the latest CF hotfix provided by Adobe (which I did install about a month ago). However, I can confirm that the application did work AFTER that install.
  Any suggestions on how to get ORM working would be much appreciated!

  The only way I could resolve this error was to reinstall ColdFusion. I've even updated CF9 with the latest hotfix and it's running fine. I'll wait and see how it goes.

• Security Bulletin for SharePoint 2013??

  Microsoft released the SharePoint 2013 version 5 Security bulletins.....in our enviorment do we need to apply all old bulletin or patching latest one will affect it.
  MS14-001  (Latest One) - 1/14/2014
  MS13-100 
  MS13-084
  MS13-067
  MS13-030  (4/9/2013)
   

  The bulletins will notate if they've superseded any patches. If not, you'll want to apply each one.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Adobe AIR 13 Runtime Security Bulletin for Windows or Mac

  According to 5/13/2014 - Release - AIR 13 Runtime and SDK, the update for Adobe AIR 13 on 5/13/2014 includes fixes and security updates "Security update details can be found here: Security Bulletin (APSB14-14)", we have two questions:
  1. Why the Adobe Air 13 runtime for Windows and Mac is not listed in the security bulletin APSB14-14, like APSB14-02?
  2. Was the version released before Adobe AIR 13.0.0.111 for Windows Adobe AIR 4.0.0.1390 or Adobe AIR 13.0.0.83?
  Thanks!
  -TeamOCD

  MacWorld did a comparative evaluation of the October 2008 MBA with 1.86 GHz processor and the Mid-2009 MBA with 2.13 GHz chip. Their conclusion was that that 1.86 CPU was actually FASTER than the 2.13 in most applications.
  http://www.macworld.com/article/141296/2009/06/macbookairmid09.html
  They speculated that the 2.13 chip was being throttled by Apple to control heat issues and that's why it tested SLOWER than the (supposedly) slower 1.86 part.
  Have to wait for testing of these new MBA units to know if the same thing occurs. But, for the Rev. B and C MBAs, the 1.86 part was actually faster in real world use!

• Now I can start my Mac Pro only in "secure mode." I'm still appears on all monitors a series of bands such as seen in the attached file. Someone can give me a diagnosis? Thank you.

  Now I can start my Mac Pro only in "secure mode."
  I'm still appears on all monitors a series of bands such as seen in the attached file.
  Someone can give me a diagnosis?
  Thank you.

  The attached file is not showing.
  In Safe/Secure Mode many Drivers are not loaded. When your computer works in Safe Mode, but not regular mode, two types of problems are implicated:
  1) Third-party kernel extensions. a conflict with some part of Mac OS X means that when those extensions load, your Mac can not run.
  2) Failed graphics card. Since the Driver for the display is not loaded, the display in Safe Mode uses a very simple built-in Driver. In regular mode, once the driver is loaded, all parts of the graphics card must be working, or you could get bands of color on the display (which is just what you reported).
  Which Model Mac Pro Tower or MacBook Pro is this?

• Adobe Acrobat 7 Security Bulletin

  http://www.adobe.com/support/security/bulletins/apsb06-20.html
  Critical vulnerabilities have been identified in Adobe Reader and Acrobat 7.0 through 7.0.8 that could although Adobe is not aware of any specific code exploits at this time allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
  Adobe Reader 7.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.
  More information available at the above link.

  If there are form fields, then whoever added them probably used the forms menu, not the Acrobat form fields. Thus the PDF was converted to Designer and you are out of luck. The FORMS button found in various places in Acrobat 7 and latter takes you to Designer, not the Acrobat form tools. The latter are located in the tools menu.

• Can I switch between Illustrator and Photoshop? (I am subscribing to only one product per month)

  Can I switch between Illustrator and Photoshop? (I am subscribing to only one product per month)

  Absolutely. Just change the sim card and the APN details in the settings. You can do this either manually if you know them or just sync with iTunes after changing the sim and the details will sync. Once you have done it once for each network the device seems to remember the details.

• Cannot validate pgp signatures of microsoft security bulletins

  So I've been getting Microsoft security bulletins for years and I thought I would actually verify the PGP signature. I have not been able to yet. I found two public keys on microsoft sites:https://technet.microsoft.com/en-us/security/dn753714was the first key I imported. My PGP software says it is the wrong key for the June 2015 security bulletin:PHPWrong signature of Microsoft SecurityNotifications (Key ID: BF05BFF43AA549E5)Notably on that link above, the page says it was "Updated: December 15, 2015" (in the future). I found that page linked fromanother page.I found another key and replaced the above key with a slightly older one. I still get an "unknown" key errorTextSigned with unknown key(Key ID: BF05BFF43AA549E5)I also foundboth keyson the MIT key server.What do you get when you verify Microsoft PGP signatures?
  This topic first appeared in the Spiceworks Community

  Hi,
  Thanks for your advise. I record your feedback.
  Juke Chou
  TechNet Community Support

• SharePoint Security Bulletin same downloads......

  This SharePoint Security Bulletin has 4 same download available on below site....which we should download?
  https://technet.microsoft.com/en-us/library/security/ms14-050.aspx

  There are versions for SharePoint Foundation, SharePoint Server, SharePoint Foundation SP1 and SharePoint Server Sp1. Pick the option that best describes your environment.
  You shouldn't need to install the Foundation and Server patch for MS14, just the Server package should suffice.

• Parsing Microsoft Security Bulletin Web Pages

  I have been tasked with determining which bulletings are pertintent starting in 2013 to the present.  I am placing a link to the bulletin and other information on a spreadsheet.  I have a reference to the Internet Controls in my project.
  I need to determine which operating systems for each bulletin.
  I have been able to parse the security bulletins page by year (https://technet.microsoft.com/en-us/library/security/dn631924.aspx) to get the next level of the bulletin
  (https://technet.microsoft.com/library/security/ms13-106).
  My problem has come in parsing the affected software table.  Not all the bulletins have the same formatting from year to year or even within the same year. 
  I have been useing the DOM explorer in IE to help me find all the parts, but I have found many of the tags (table name) are empty so I am having to check each and every line and element to find the information I am looking for.
  My code is ending up with a number of if/elseif type of checks and is getting very complicated.  Does anyone have a solution for this already or am I missing something?
  Thanks in advance.

  Hi Shu Hu,
  I am able to parse the table and find all the tr tags.
  The problem I am having is the different layouts used on the web pages.
  The pages for the security bulletin's for 2013 (https://technet.microsoft.com/en-us/library/security/ms13-106.aspx)
  are a different format from the bulletin's for 2014 (https://technet.microsoft.com/library/security/ms14-085).
  Initally I thought I could find just tables but the table I am looking to parse is not the same index from page to page.  I thought I could use the table name attribute but that was not populated.  I started looking at each elelement on the HTML
  page until I found the text "Affected Software." Once I found the tag in the innerText field I looked for the next table to process the rows.
  I was hoping that the formatting would be the same from year to year but it is not so I was looking to see if there was a solution already but it does not look that way.
  I will take a closer look at the article you provided to see if that will help.

• Microsoft Security Bulletin Advance Notificati​on for April 2011

  Wow! Microsoft's April Patch is planning 17 Bulletins to Fix 64 Bugs. As always it includes some security updates.
  https://www.microsoft.com/technet/security/bulleti​n/ms11-apr.mspx
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  Hi Shu Hu,
  I am able to parse the table and find all the tr tags.
  The problem I am having is the different layouts used on the web pages.
  The pages for the security bulletin's for 2013 (https://technet.microsoft.com/en-us/library/security/ms13-106.aspx)
  are a different format from the bulletin's for 2014 (https://technet.microsoft.com/library/security/ms14-085).
  Initally I thought I could find just tables but the table I am looking to parse is not the same index from page to page.  I thought I could use the table name attribute but that was not populated.  I started looking at each elelement on the HTML
  page until I found the text "Affected Software." Once I found the tag in the innerText field I looked for the next table to process the rows.
  I was hoping that the formatting would be the same from year to year but it is not so I was looking to see if there was a solution already but it does not look that way.
  I will take a closer look at the article you provided to see if that will help.

• HT6041 does anyone have information re: motion 5.1 ? the latest security bulletin describes the need for it but neither  " software update: or the "app store"  seems to have it.

  I have read and re read this security bulletin and I have checked software update and the " app store" and there is no mention of "motion" or "motion 5.1"

  FWIW, here is the Apple troubleshooting note for Motion updates that aren't being offered, and the Apple best practices for Motion and related.   Here are the Mac App Store troubleshooting tips.

• Do new Security bulletins and advisories of all adobe products supersede the old ones?

  Hi
  Can I get the information where new Security bulletins and advisories of all adobe products supersede the old ones..
  Example :
  Is APSB13-15 Security updates available for Adobe Reader and Acrobat supersedes any security bulletins and advisories.
  Please provide me the information where I can get this info..

  Thank you..Some what helpful.
  But I need to get the Security bulletins and advisories supersede information, Like Microsoft is publishing the Updates Replaced information.
  It will be a great helpful if I can get the information.

• Trash will only empty securely. How do I turn of secure empty trash?

  Trash will only empty securely.  Have repeatedly turned this off in Finder with no results.  Running Mountain Lion on intel iMac.  Advice much appreciated,
  Geo

  Back up all data. Don't continue unless you're sure you can restore from a backup, even if you're unable to log in.
  This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it.
  Step 1
  If you have more than one user account, and the one in question is not an administrator account, then temporarily promote it to administrator status in the Users & Groups preference pane. To do that, unlock the preference pane using the credentials of an administrator, check the box marked Allow user to administer this computer, then reboot. You can demote the problem account back to standard status when this step has been completed.
  Triple-click the following line to select it. Copy the selected text to the Clipboard (command-C):
  { sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:staff ~ $_ ; sudo chmod -R u+rwX ~ $_ ; chmod -R -N ~ $_ ; } 2> /dev/null
  Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Paste into the Terminal window (command-V). You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
  The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.
  Step 2 (optional)
  Step 1 should give you usable permissions in your home folder. This step will restore special attributes set by OS X on some user folders to protect them from unintended deletion or renaming. You can skip this step if you don't consider that protection to be necessary, and if everything is working as expected after step 1.
  Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select
  Utilities ▹ Terminal
  from the menu bar. A Terminal window will open.
  In the Terminal window, type this:
  res
  Press the tab key. The partial command you typed will automatically be completed to this:
  resetpassword
  Press return. A Reset Password window will open. You’re not  going to reset a password.
  Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Under Reset Home Directory Permissions and ACLs, click the Reset button.
  Select
   ▹ Restart
  from the menu bar.