Application Server Solutions for Microsoft IIS and ASP.NET
ServletExec Self-Help: FAQ

Faq ID: 406
Product: BlueDragon
Category: Security
Question: Is there a fix for the cfchart security hole in all BlueDragon 7.1.1 products and in BlueDragon.NET 9.0?
Answer: Yes.

If you are not using the cfchart tag then:

  • for BlueDragon JX and BlueDragon JEE, remove the servlet mapping of *.cfchart to the cfchartServlet from web.xml. Here are the lines you would remove:

        <servlet-mapping>
            <servlet-name>cfchartServlet</servlet-name>
            <url-pattern>*.cfchart</url-pattern>
        </servlet-mapping>

  • for BlueDragon.NET, remove the BlueDragon-CFCHART handler from web.config for a virtual directory installation and from applicationHost.config for a global installation. Here is the line you would remove:

        <add name="BlueDragon-CFCHART" path="*.cfchart" verb="*" ... />
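
To confirm after editing that nothing still routes *.cfchart requests, here is an added example (not New Atlanta's code and not part of the original FAQ) that parses web.xml, web.config or applicationHost.config and reports any remaining mapping. The sample documents are constructed; the handler sample assumes the entry sits under system.webServer/handlers and carries only the attributes shown above.

```python
import sys
import xml.etree.ElementTree as ET

PATTERN = "*.cfchart"

def local(tag):
    """Drop an XML namespace: '{ns}servlet-mapping' -> 'servlet-mapping'."""
    return tag.rsplit("}", 1)[-1]

def child_texts(elem, name):
    return [(c.text or "").strip() for c in elem if local(c.tag) == name]

def find_cfchart_routes(xml_doc):
    """List entries that still route *.cfchart (servlet mappings or handlers)."""
    # The parser discards XML comments, so a mapping that was commented out
    # instead of deleted is correctly treated as removed.
    findings = []
    for elem in ET.fromstring(xml_doc).iter():
        kind = local(elem.tag)
        if kind == "servlet-mapping":
            patterns = [p.lower() for p in child_texts(elem, "url-pattern")]
            if PATTERN in patterns:
                names = child_texts(elem, "servlet-name") or ["?"]
                findings.append("servlet-mapping: " + names[0])
        elif kind == "add" and elem.get("path", "").strip().lower() == PATTERN:
            findings.append("handler: " + elem.get("name", "?"))
    return findings

# Constructed samples, not taken from a real installation.
WEB_XML_BEFORE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <servlet-mapping>
    <servlet-name>cfchartServlet</servlet-name>
    <url-pattern>*.cfchart</url-pattern>
  </servlet-mapping>
</web-app>"""
WEB_XML_AFTER = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <!-- <servlet-mapping>
    <servlet-name>cfchartServlet</servlet-name>
    <url-pattern>*.cfchart</url-pattern>
  </servlet-mapping> -->
</web-app>"""
WEB_CONFIG_BEFORE = """<configuration><system.webServer><handlers>
  <add name="BlueDragon-CFCHART" path="*.cfchart" verb="*" />
</handlers></system.webServer></configuration>"""

if __name__ == "__main__":
    for path in sys.argv[1:]:  # config file paths supplied by the operator
        with open(path, "rb") as fh:  # bytes: parser honours BOM/declaration
            for finding in find_cfchart_routes(fh.read()):
                print(f"{path}: still mapped -> {finding}")
```

Run it with the paths of the config files you edited; no output means no *.cfchart mapping remains in those files.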

If you are using the cfchart tag then:

  • for BlueDragon 7.1.1, install patch 18527 which is located at ftp://ftp.newatlanta.com/public/bluedragon/7_1_1/patches/18527/
  • for BlueDragon.NET 9.0, install patch 2 which is located at ftp://ftp.newatlanta.com/public/bluedragon/9_0/BD_NET_90_final_p2.zip

NOTE: the cfchart tag was added in BlueDragon 7.0, so earlier versions of BlueDragon do not have this vulnerability.
