0 Replies Latest reply on Jun 20, 2013 4:23 AM by winkelmann

    Coldfusion 8.01, Nessus Finding CVE-2002-0894



      I have a problem with the security issue CVE-2002-0894 and CVE-2000-0681.

      We use CF 8.01 enterprise under windows server 2003 with IIS 6.0 Webserver.


      Our internal scans find an issue ServletExec 4.1 / JRUN ISAPI Multiple DoS.

      Description: By sending an overly long request for a .jsp file, it is possible to crash the remote web server. 

      This problem is known as the ServletExec / JRun ISAPI DoS.

      Download patch #9 from ftp://ftp.newatlanta.com/public/4_1/patches/

      See Also

      No more infos.

      ------------------------------------------------------------------------------------------ -------


      But I can't find on the Adobe Websites or in in the CVE Database a direct link to Coldfusion or Adobe patches (ApsB xxx).

      No info, how to fix the finding or install the patch under cold fusion.


      Has anybody experiences with this topic CVE-2002-0894 and CVE-2000-0681 under coldfusion or could give me an advisory.


      thank's frank