Self Signed Certificates in Edge on Windows 2022

When setting up a server for training purposes I wanted to create a self signed certificate for app1.

From: Pete Freitag's Homepage

New Blog Domain - www.hoyahaxa.com

I recently moved my blog over to a custom domain -- https://www.

From: Hoya Haxa - A Security Research Blog

ColdFusion, Connectors, and CFAdmin Security (for more than just ColdFusion 2023 Update 5 and ColdFusion 2021 Update 11)

Introduction: This post is about ColdFusion 2023 Update 5 and ColdFusion 2021 Update 11, but it's also about more than just those versions.

From: Hoya Haxa - A Security Research Blog

Best Practices Are Best, Except When They're Not

A code-review of sorts where we go over some of the real-world situations when things just don't go the way the Stack Overflow Gods say they should. We'll look at the pros and cons of solutions in these situations and the lessons hopefully learned along the way.  

From: South of Shasta: Software Development, Web Design, Training

CFWT Is Hiring: UI/UX Person

CFWT is looking to hire again.

From: ColdFusion Muse

Exploiting CVE-2017-11286 Six Years Later: XXE in ColdFusion via WDDX Packet

Introduction: 🎈🎂🎂🎂🎂🎂🎂🎈 Six years ago today, on September 12, 2017, Adobe released APSB17-30.

From: Hoya Haxa - A Security Research Blog

Technical Details for CVE-2023-29301: Adobe ColdFusion Access Control Bypass for a CFAdmin Authentication Component

Background: In this post I'll be walking through CVE-2023-29301, which is an access control bypass / password brute force vulnerability in Adobe ColdFusion that I reported to Adobe and was fixed on July 11, 2023 in Adobe Product Security Bulletin APSB23-40.

From: Hoya Haxa - A Security Research Blog

cfscript cf*() functions are Custom Tags

I found an interesting discussion between the community and Adobe today regarding early cfscript functionality for tags.

From: Chris Tierney

Simpler Bootstrap accordions

Vertically collapsing accordion UI components are simple to implement these days using native HTML.

From: cfSimplicity

On ColdFusion, AES, and Padding Oracle Attacks: Hic Sunt Dracones

TL; DR: If you use AES-CBC (or another block cipher operating in CBC mode) to decrypt user-controlled ciphertext, validate the ciphertext with an HMAC or similar integrity check prior to decryption to avoid Padding Oracle vulnerabilities.

From: Hoya Haxa - A Security Research Blog
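
The TL;DR above describes both a failure mode and its fix. The Python below is an added example (not code from the Hoya Haxa post, which deals with ColdFusion's own encrypt()/decrypt() functions) that shows why the advice matters: a server that decrypts user-controlled CBC ciphertext and reveals whether the padding was valid leaks the whole plaintext to an attacker who never learns the key, while a server that verifies an HMAC over the ciphertext first gives every tampered input the same answer. To keep it runnable offline with the standard library only, a toy 128-bit Feistel cipher built on HMAC-SHA256 stands in for AES; the attack is generic to CBC mode and never looks inside the block cipher. The message, key sizes and function names are constructed for this example.

```python
import hashlib, hmac, os, secrets

BLOCK = 16  # block size in bytes, as for AES

# Toy 128-bit Feistel cipher on HMAC-SHA256 (stand-in for AES; not for production use).
def _f(key, rnd, half): return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # a distinguishable error here is the oracle
    return data[:-n]

def cbc_encrypt(key, plaintext):
    prev = os.urandom(BLOCK)  # random IV, sent as the first block
    out, padded = [prev], pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, ciphertext):
    if len(ciphertext) % BLOCK or len(ciphertext) < 2 * BLOCK:
        raise ValueError("bad length")
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return pkcs7_unpad(plain)

def vulnerable_padding_oracle(key, ciphertext):
    """Vulnerable server: decrypts user-controlled ciphertext and leaks padding validity."""
    try:
        cbc_decrypt(key, ciphertext)
        return True
    except ValueError:
        return False

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: the tag covers IV || ciphertext."""
    ct = cbc_encrypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def hardened_open(enc_key, mac_key, token):
    """Hardened server: constant-time HMAC check before any decryption or padding check."""
    ct, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")  # one error path for all tampered input
    return cbc_decrypt(enc_key, ct)

def padding_oracle_attack(oracle, ciphertext):
    """Recovers the plaintext using only the yes/no oracle; the key is never learned."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    recovered = b""
    for prev, target in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)  # block_decrypt(key, target), learned one byte at a time
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            suffix = bytes(inter[j] ^ pad for j in range(pos + 1, BLOCK))  # force pad bytes
            for guess in range(256):
                if not oracle(bytes(pos) + bytes([guess]) + suffix + target):
                    continue
                if pos == BLOCK - 1:  # rule out an accidental valid 0x02 0x02 (etc.) ending
                    if not oracle(bytes(pos - 1) + bytes([1, guess]) + target):
                        continue
                inter[pos] = guess ^ pad
                break
            else:
                raise RuntimeError("oracle accepted no candidate")
        recovered += _xor(inter, prev)
    return pkcs7_unpad(recovered)

MESSAGE = b"constructed sample: sessionid=42;role=admin"  # constructed plaintext
def demo_attack():
    key = secrets.token_bytes(16)
    return padding_oracle_attack(lambda c: vulnerable_padding_oracle(key, c),
                                 cbc_encrypt(key, MESSAGE))

def demo_hardened():
    enc_key, mac_key = secrets.token_bytes(16), secrets.token_bytes(32)
    token = bytearray(seal(enc_key, mac_key, MESSAGE))
    token[BLOCK] ^= 0x01  # flip one ciphertext bit, as every attack query does
    try:
        hardened_open(enc_key, mac_key, bytes(token))
    except ValueError as e:
        return str(e)
    return "accepted"
```

demo_attack() recovers MESSAGE from the vulnerable server with at most 256 queries per byte (plus one disambiguation query for the last byte of each block), which is why "the error message is just 'bad padding'" is no comfort: the attacker only needs success versus failure, and a timing difference works as well as a message. demo_hardened() shows the tampered token rejected by hardened_open before cbc_decrypt ever runs. In real code use the platform's AES (javax.crypto on the JVM that ColdFusion runs on) and, where available, an authenticated mode such as AES-GCM instead of hand-rolled encrypt-then-MAC.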

Adobe ColdFusion Log Verboseness

Server logs in ColdFusion are a must-have resource to help you tune, monitor, and troubleshoot your servers.

From: Chris Tierney

FortiGate 80F to Unifi Security Gateway Pro 4 IPSec Tunnel Issues

I have recently replaced an older Cisco ASA 5550 with a FortiGate 80F.

From: Chris Tierney