Copy link to clipboard
Copied
Are Linux servers also vulnerable to apsb 11-14? Only Windows, Mac's, and UNIX systems are listed in the alert. We are running CF 9.0
Copy link to clipboard
Copied
Yes linux servers also need to apply that patch. When they say UNIX, they are including: Linux, Solaris, AIX
Copy link to clipboard
Copied
We are running CF 9 on Linux. To remediate vulnerability (APSB11-14), we were given below link for fix:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb11-14.html
We followed the steps and finally when we started CF Admin, it was throwing error. It was looking for path in as in Windows like
'C:/{ColdFusionHome}/wwwroot ..........now the question is if the CFIDE or CF9 provided on this link also applicable for Linux too?If so, do we need to do any customization?
Moreover if you look at step 9 for this:
Go to {ColdFusion-Home}/wwwroot/WEB-INF directory and make a backup of WEB-INF folder.
above path is using wwwroot which I guess comes in Windows.
If somebody knows a separate link for APSB11-14 for Linux or can guide us if we are missing something on above link, please let me know.
Thanks
Copy link to clipboard
Copied
On linux {ColdFusion-Home} would be /opt/coldfusion9 or something like that by default. It still does have the wwwroot folder, you can find WEB-INF by running: find /opt | fgrep WEB-INF
Copy link to clipboard
Copied
thanks Peter for your response!
I checked again and found -- in our dev box there are two instances --- dev and test...but in coldFusion home there is no wwwroot folder, but in prod box where only one instance is running has the one. Any idea to let wwwroot off on dev box? I am not sure how adding wwwroot to dev box will impact application.
Copy link to clipboard
Copied
Sounds like you have a Multiserver/J2EE/JRun install type on your dev box, and a standard install on the production server. Those result in a different folder structure. So just ignore the wwwroot/WEB-INF and just look for the WEB-INF folder, there should only be one WEB-INF folder per instance. You don't need to create a wwwroot folder.
Copy link to clipboard
Copied
yes, we have multi server installation.Now I got confused in this step
should I extract these to {CFIDE-HOME} or one level up?
Copy link to clipboard
Copied
I understood above one. please disregard. Now I performed all the steps and started CF server. CF Admin has come up fine. Still is there any way I can check if the hotfix installed successfully?
Copy link to clipboard
Copied
I see this in CF admin:
Update Level | {CFHOME}/WEB-INF/cfusion/lib/updates/hf900-00003.jar |
I think this tells me hotfix applied successfully....