Application Server Solutions for Microsoft IIS and ASP.NET
       solutions   products   partners   company   support   downloads         store
ServletExec Self-Help: FAQ
Back to Search >  Back to Search Results

Faq ID 406
Product BlueDragon
Category Security
Question Is there a fix for the cfchart security hole in all BlueDragon 7.1.1 products and in BlueDragon.NET 9.0?
Answer Yes.

If you are not using the cfchart tag then:

  • for BlueDragon JX and BlueDragon JEE, remove the servlet mapping of *.cfchart to the chartServlet from web.xml. Here are the lines you would remove:


  • for BlueDragon.NET, remove the BlueDragon-CFCHART handler from web.config for a virtual directory installation and from applicationHost.config for a global installation. Here is the line you would remove:

        <add name="BlueDragon-CFCHART" path="*.cfchart" verb="*" ... />

If you are using the cfchart tag then:

  • for BlueDragon 7.1.1, install patch 18527 which is located at
  • for BlueDragon.NET 9.0, install patch 2 which is located at

NOTE: the cfchart tag was added in BlueDragon 7.0 so earlier versions of BlueDragon do not have this vulnerability.

company media information terms of use privacy policy contact us