Well I don't know anything about the .=20 or so but there is well know IIS bug that allows to view the source code (vulnerabilities issues) through the browser. To reproduce the problem append the +.htr to the URL of a CFML page (ex. http://yourdomain/index.cfm+.htr. If you did not apply patch (there is a patch available, check Allaire site) you'll be able to see all CFML code of template when viewing HTML source code. If you did not apply the patch yet, I would definitely recommend to do so ASAP.
If anybody has exact URL where to download the patch, please post that here, so somebody does not have to waste his/her time on searching for it.
Thank you,
Rastislav Toscak Senior Applications Developer G.Triad Tel : 973.428.9600 x7509 Fax : 973.428.1112 rastislavt@gtriad.com http://www.gtriad.com
-----Original Message----- From: Priscilla Yamin [mailto:pyamin@valencia.cc.fl.us] Sent: Thursday, May 03, 2001 12:59 PM To: CF-Server Subject: viewing source code
This is a multi-part message in MIME format.
------=_NextPart_000_0058_01C0D3EA.088CB120 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Someone sent me an email that said our IIS server has a well known bug = that allows people to view the CF source code.=20
Is anyone familiar with this? And is this something to be concerned = about?
------=_NextPart_000_0058_01C0D3EA.088CB120 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2462.0" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" = size=3D3>Someone sent me=20 an email that said our IIS server has a well known bug that allows = people to=20 view the CF source code. <BR><BR>Is anyone familiar with this? And is = this=20 something to be concerned = about?</FONT><BR><BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0058_01C0D3EA.088CB120--
---------------------------------------------------------------------------- -- To unsubscribe, send a message to cf-server-request@houseoffusion.com with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to cf-server-request@houseoffusion.com with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
CF-Server
Rastislav Toseak