• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Are Linux servers also vullnerable to apsb 11-14?

New Here ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

Are Linux servers also vulnerable to apsb 11-14?  Only Windows, Mac's, and UNIX systems are listed in the alert.  We are running CF 9.0

Views

412

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

Yes linux servers also need to apply that patch. When they say UNIX, they are including: Linux, Solaris, AIX

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

We are running CF 9 on Linux. To remediate vulnerability (APSB11-14), we were given below link for fix:

http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb11-14.html

We followed the steps and finally when we started CF Admin, it was throwing error. It was looking for path in as in Windows like

'C:/{ColdFusionHome}/wwwroot ..........now the question is if the CFIDE or CF9 provided on this link also applicable for Linux too?If so, do we need to do any customization?

Moreover if you look at step 9 for this:

Go to {ColdFusion-Home}/wwwroot/WEB-INF directory and make a backup of WEB-INF folder.

above path is using wwwroot which I guess comes in Windows.

If somebody knows a separate link for APSB11-14 for Linux or can guide us if we are missing something on above link, please let me know.

Thanks

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

On linux {ColdFusion-Home} would be /opt/coldfusion9 or something like that by default. It still does have the wwwroot folder, you can find WEB-INF by running: find /opt | fgrep WEB-INF

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

thanks Peter for your response!

I checked again and found -- in our dev box there are two instances --- dev and test...but in coldFusion home there is no wwwroot folder, but in prod box where only one instance is running has the one. Any idea to let wwwroot off on dev box? I am not sure how adding wwwroot to dev box will impact application.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

Sounds like you have a Multiserver/J2EE/JRun install type on your dev box, and a standard install on the production server. Those result in a different folder structure.   So just ignore the wwwroot/WEB-INF and just look for the WEB-INF folder, there should only be one WEB-INF folder per instance. You don't need to create a wwwroot folder.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

yes, we have multi server installation.Now I got confused in this step

Extract all files in CFIDE-9.zip to the web root directory that has {CFIDE-HOME} folder

should I extract these to {CFIDE-HOME} or one level up?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

I understood above one. please disregard. Now I performed all the steps and started CF server. CF Admin has come up fine. Still is there any way I can check if the hotfix installed successfully?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2014 Apr 29, 2014

Copy link to clipboard

Copied

LATEST

I see this in CF admin:

Update Level {CFHOME}/WEB-INF/cfusion/lib/updates/hf900-00003.jar   

I think this tells me hotfix applied successfully....

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation