Allaire Spectra 1.0 Webtop漏洞

漏洞信息详情

Allaire Spectra 1.0 Webtop漏洞

• CNNVD编号：CNNVD-200001-015
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0050
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2000-01-04
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-07-27
  
• 厂        商：
  
  allaire
• 漏洞来源：
  Publicized by Alla…

The Allaire Spectra Webtop存在漏洞。未授权的用户可以通过指定明确的URL访问其他的Webtop部分。

Quoted directly from the Allaire bulletin (referenced in its entirety in the credits section):
Customers should add the missing line of code to the application settings
file for the Webtop. To do this:
1.Open the file webroot/Allaire/spectra/webtop/application.cfm
2.Add the following line directly under the application initialize section:

Your code should then look like this:
. . .



. . .
3.Save the file and your Webtop security settings will work correctly.
Note that if you have the ColdFusion “Trusted Cache” option enabled in the
ColdFusion Administrator, you will need to turn it off, reload any Webtop
section, then turn the “Trusted Cache” option on again for the change to
take effect. Restarting the ColdFusion Server will also cause the change to
take effect.

来源: ALLAIRE
名称: ASB00-01
链接:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full

来源: BID
名称: 915
链接:http://www.securityfocus.com/bid/915