[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vulnwatch
Subject:    [VulnWatch] New Macromedia Security Zone Bulletins Posted (fwd)
From:       Rain Forest Puppy <rfp () vulnwatch ! org>
Date:       2001-11-29 0:01:22
[Download RAW message or body]



---------- Forwarded message ----------
Date: Wed, 28 Nov 2001 13:30:58 -0800 (PST)
From: Macromedia Security Alert <newsflash@macromedia.com>
Reply-To: response.secure@allaire.com
Subject: New Macromedia Security Zone Bulletins Posted


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
IMPORTANT:

Several security issues that may affect Macromedia JRun and
ColdFusion customers have come to our attention recently.

To learn about these new issues and what actions you can
take to address them, Please visit the Security Zone at the
Macromedia/Allaire Web site:

http://www.allaire.com/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Dear Macromedia customer,

This week we posted the following new Macromedia
SECURITY BULLETINS:

   *  MPSB01-10: Hotfix Available for JRun Server
        Duplicate Session ID Security Issue.

   *  MBSB01-11: The <CFEXECUTE> tag should be disabled
        when using ColdFusion Sandbox Security (Operating
        System type) on Windows.

   *  MPSB01-12: Workaround Addresses JRun Server SSIFilter
        Security Issue.

As a Web application platform vendor, one of our highest
concerns is the security of the systems our customers
deploy. We understand how important security is to our
customers, and we're committed to providing the technology
and information customers need to build secure Web
applications.

~~~~~~~
Thank you for your time and consideration on this issue.

Security Response Team,
Macromedia, Inc.

~~~~
P.S.  As a reminder, Macromedia has set up the following
e-mail address that customers can use to report security
issues associated with any Macromedia product:

[mailto:secure@allaire.com]


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS OR FIXES
PROVIDED BY MACROMEDIA IN THIS BULLETIN IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND ITS SUPPLIERS
DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR
OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO
WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT.
(USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF
IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY
TO YOU. IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT
LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS
INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES,
BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF
CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE),
PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC.
OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES
DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION
OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE
OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.




[prev in list] [next in list] [prev in thread] [next in thread]