NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Various (Microsoft, SGI, Debian, SuSE)> 2001-q2

From: SecurityZoneallaire.com
Date: Thu Jun 28 2001 - 16:00:01 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear Macromedia Customer --

New security issues that may affect Macromedia customers have come to our attention recently. Please visit the Security Zone at the Macromedia/Allaire Web site to learn about these new issues and what actions you can take to address it:

http://www.allaire.com/security

This week we posted the following new Macromedia Security Bulletins.

ADDED:

CSB01-09: Using Microsoft Windows 2000 LDAP over SSL could enable passwords to be changed

MPSB01-03 : JRun 3.1, 3.0, 2.3.3: Patch available for ability to view jsp source code when replacing the "p" in "jsp" with "%70" in the URI

MPSB01-04: JRun 3.0: Patch available for re-generation of new java, class, et al. files when adding a forward slash to a previously run jsp, and accessing it through a browser

MPSB01-05: JRun 3.0: Patch available for accessing a restricted directory via web authentication when the case of the directory mapping referenced in the URI is other than what is stored in web.xml

MPSB01-06: JRun 3.1, JRun 3.0, JRun 2.3.3: Cross-site scripting vulnerability (a.k.a. JavaScript code execution vulnerability)

As a Web application platform vendor, one of our highest concerns is the security of the systems our customers deploy. We understand how important security is to our customers, and we're committed to providing the technology and information customers need to build secure Web applications. Thank you for your time and consideration on this issue.

-- Security Response Team, Macromedia, Inc.

P.S. As a reminder, Macromedia has set up an email address that customers can use to report security issues associated with any Macromedia product: secureallaire.com

--
THE INFORMATION PROVIDED BY MACROMEDIA IN THIS BULLETIN IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MACROMEDIA AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  ALSO, THERE IS NO WARRANTY OF NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT.  (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.
IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUESTIAL, SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILTY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.   
======================================================================================
Macromedia respects the Web and the privacy of those who use it. If you do not   
want to receive any future messages from Macromedia please forward this email to 
removeallaire.com with the subject "REMOVE".
======================================================================================

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]