Microsoft KB Archive/165998

= Cold Fusion applications bypass security =

Article ID: 165998

Article Last Modified on 6/30/2006

-

APPLIES TO


 * Microsoft Internet Information Server 2.0
 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q165998



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
Cold Fusion template files that should be only accessible to authenticated users are also getting returned to other users.



CAUSE
The Cold Fusion ISAPI dll file is running in a manner that does not preserve the user context. Therefore, it allows the cfm file to run solely based on the permissions assigned the Cold Fusion dll (Iscf.dll) file.



WORKAROUND
Contact Adobe Support to obtain the appropriate file or files that you must have to resolve the problem. For more information, visit the following Web site:

http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_17883#MX701



MORE INFORMATION
The third-party products discussed here are manufactured by vendors independent of Microsoft. We make no warranty, implied or otherwise, regarding performance or reliability of these products.

Keywords: kbprb kb3rdparty KB165998

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.