OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Rain Forest Puppy (rfpvulnwatch.org)
Date: Wed Nov 28 2001 - 18:01:22 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ---------- Forwarded message ----------
    Date: Wed, 28 Nov 2001 13:30:58 -0800 (PST)
    From: Macromedia Security Alert <newsflashmacromedia.com>
    Reply-To: response.secureallaire.com
    Subject: New Macromedia Security Zone Bulletins Posted

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    IMPORTANT:

    Several security issues that may affect Macromedia JRun and
    ColdFusion customers have come to our attention recently.

    To learn about these new issues and what actions you can
    take to address them, Please visit the Security Zone at the
    Macromedia/Allaire Web site:

    http://www.allaire.com/security
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Dear Macromedia customer,

    This week we posted the following new Macromedia
    SECURITY BULLETINS:

       * MPSB01-10: Hotfix Available for JRun Server
            Duplicate Session ID Security Issue.

       * MBSB01-11: The <CFEXECUTE> tag should be disabled
            when using ColdFusion Sandbox Security (Operating
            System type) on Windows.

       * MPSB01-12: Workaround Addresses JRun Server SSIFilter
            Security Issue.

    As a Web application platform vendor, one of our highest
    concerns is the security of the systems our customers
    deploy. We understand how important security is to our
    customers, and we're committed to providing the technology
    and information customers need to build secure Web
    applications.

    ~~~~~~~
    Thank you for your time and consideration on this issue.

    Security Response Team,
    Macromedia, Inc.

    ~~~~
    P.S. As a reminder, Macromedia has set up the following
    e-mail address that customers can use to report security
    issues associated with any Macromedia product:

    [mailto:secureallaire.com]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS OR FIXES
    PROVIDED BY MACROMEDIA IN THIS BULLETIN IS PROVIDED "AS IS"
    WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND ITS SUPPLIERS
    DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR
    OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
    FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO
    WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT.
    (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF
    IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY
    TO YOU. IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS
    BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT
    LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
    SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS
    INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES,
    BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF
    CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE),
    PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC.
    OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED
    OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES
    DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
    CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION
    OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE
    OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.