ColdFusion Summit 2024 Slides: 20 ways to secure CF
This year at the Adobe ColdFusion summit in Las Vegas I presented on 20 ways to secure ColdFusion.
From: Pete Freitag's Homepage
10/4/24, 7:18 PM
Coldfusion
9/28/24, 7:00 AM
Coldfusion
9/28/24, 7:00 AM
Coldfusion
9/18/24, 7:00 AM
Coldfusion
9/18/24, 7:00 AM
Coldfusion
Announcing ColdFusion updates released Sep 10 2024: P3 security update
Though the news is a couple of days old, I want to share with my readers that an update for ColdFusion has been released Tuesday, Sep 10, for both cf2023 (update 10) and cf2021 (update 16).
9/13/24, 11:48 PM
Coldfusion
Announcing ColdFusion updates released Sep 10 2024: P3 security update
Though the news is a couple of days old, I want to share with my readers that an update for ColdFusion has been released Tuesday, Sep 10, for both cf2023 (update 10) and cf2021 (update 16).
9/13/24, 11:48 PM
Coldfusion
Announcing ColdFusion updates released Sep 10 2024: P3 security update
Though the news is a couple of days old, I want to share with my readers that an update for ColdFusion has been released Tuesday, Sep 10, for both cf2023 (update 10) and cf2021 (update 16).
9/13/24, 10:48 PM
Coldfusion
Latest ColdFusion Security Updates - October 2024
I am going to attempt to keep this page updated with the latest ColdFusion Security Updates and Hotfixes published by Adobe.
From: Pete Freitag's Homepage
9/10/24, 11:28 PM
Coldfusion
Latest ColdFusion Security Updates - December 2024
I am going to attempt to keep this page updated with the latest ColdFusion Security Updates and Hotfixes published by Adobe.
From: Pete Freitag's Homepage
9/10/24, 11:28 PM
Coldfusion
Follow-up on CF 2021 update 15: understanding, solving packages unexpectedly removed
If you've recently applied CF2021 update 15 or are planning to, you need to be aware of a known issue which can cause unexpected removal of some CF packages (modules) which occurs upon the CF restart after installing the update: specifically it's the document, htmltopdf, pdf, presentation, print, an...
9/5/24, 5:53 AM
Coldfusion
Follow-up on CF 2021 update 15: understanding, solving packages unexpectedly removed
If you've recently applied CF2021 update 15 or are planning to, you need to be aware of a known issue which can cause unexpected removal of some CF packages (modules) which occurs upon the CF restart after installing the update: specifically it's the document, htmltopdf, pdf, presentation, print, an...
9/5/24, 5:53 AM
Coldfusion
Follow-up on CF 2021 update 15: understanding, solving packages unexpectedly removed
If you've recently applied CF2021 update 15 or are planning to, you need to be aware of a known issue which can cause unexpected removal of some CF packages (modules) which occurs upon the CF restart after installing the update: specifically it's the document, htmltopdf, pdf, presentation, print, an...
9/5/24, 4:53 AM
Coldfusion
Announcing ColdFusion updates released Aug 20 2024: offers Tomcat upgrade
An update for ColdFusion has been released today for both cf2023 as update 9 and and cf2021 as update 15.
8/21/24, 5:36 AM
Coldfusion
Announcing ColdFusion updates released Aug 20 2024: offers Tomcat upgrade
An update for ColdFusion has been released today for both cf2023 as update 9 and and cf2021 as update 15.
8/21/24, 5:36 AM
Coldfusion
Announcing ColdFusion updates released Aug 20 2024: offers Tomcat upgrade
An update for ColdFusion has been released today for both cf2023 as update 9 and and cf2021 as update 15.
8/21/24, 4:36 AM
Coldfusion
BSidesLV 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Thank you to BSidesLV for the opportunity to speak this year. The slides from my talk, Modern ColdFusion Exploitation and Attack Surface Reduction, are now online below. They're pretty similar to my Summercon slides, with a few updates.
8/8/24, 3:33 PM
Coldfusion
BSidesLV 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Thank you to BSidesLV for the opportunity to speak this year. The slides from my talk, Modern ColdFusion Exploitation and Attack Surface Reduction, are now online below. They're pretty similar to my Summercon slides, with a few updates.
8/8/24, 3:33 PM
Coldfusion
On ColdFusion Administrator Access Control Bypass Techniques
IntroductionAccess Control is frequently boring but important.
7/24/24, 7:15 PM
Coldfusion
On ColdFusion Administrator Access Control Bypass Techniques
IntroductionAccess Control is frequently boring but important.
7/24/24, 7:15 PM
Coldfusion
Follow-up on June 2024 CF update: more on change of default algorithm from CFMX_COMPAT
If you're considering or have already implemented the latest CF updates from June 2024 (CF2023 update 8 and CF2021 update 14), you might have struggled a bit to understand completely what Adobe was getting at in the update technotes, as they can sometimes be rather terse in covering some points (wor...
7/23/24, 5:58 AM
Coldfusion
Follow-up on June 2024 CF update: more on change of default algorithm from CFMX_COMPAT
If you're considering or have already implemented the latest CF updates from June 2024 (CF2023 update 8 and CF2021 update 14), you might have struggled a bit to understand completely what Adobe was getting at in the update technotes, as they can sometimes be rather terse in covering some points (wor...
7/23/24, 5:58 AM
Coldfusion
Follow-up on June 2024 CF update: more on change of default algorithm from CFMX_COMPAT
If you're considering or have already implemented the latest CF updates from June 2024 (CF2023 update 8 and CF2021 update 14), you might have struggled a bit to understand completely what Adobe was getting at in the update technotes, as they can sometimes be rather terse in covering some points (wor...
7/23/24, 4:58 AM
Coldfusion
Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Last Friday it was an absolute honor to talk about ColdFusion security at Summercon.
7/22/24, 9:59 PM
Coldfusion
Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Last Friday it was an absolute honor to talk about ColdFusion security at Summercon.
7/22/24, 9:59 PM
Coldfusion
Follow-up on March 2024 CF update: "patch" to log "implicit scope searches" that would fail
Don't miss that Adobe had added a useful feature (a "patch", made available in Apr 2024) to help in identifying any CFML code you may have which refers "implicitly" to scopes that would no longer searched (for any variables without a scope prefix), which is the new default behavior for CF2021, CF202...
7/19/24, 5:25 AM
Coldfusion