APSB13-10: Whats considered the maximum safe max post params

-

we applied apsb13-10 update cf9 , have run issues applications.  setting defaulted 100, compared tomcat's 10,000 max post param default, wondering reason behind 100 default , considered max safe value setting.  there no specific details in cves or apsb-13-10 bulletin seem indicate for.  details in adobe bulletin versus cves seem contradict each other murkying vulnerabilities are being patched. 

 

the descrepency refering in adobe bulletin state "this hotfix resolves information leak can occur in multi-threaded use cases. issue not exploitable remotely (cve-2013-1387)."  when looking @ particular cve says "unspecified vulnerability in adobe coldfusion 9.0 before update 10, 9.0.1 before update 9, 9.0.2 before update 4, , 10 before update 9 allows attackers impersonate users via unknown vectors."  not remotely exploitable information leakage differeing impersonating users.  

 

are 2 remotely exploitable issues being fixed noted cves, or 1 cve information leak?  max post param setting have either of these issues being patched, , considered safe maximum post param setting?

the postparameterlimit introduced in apsb12-06, when installed apsb13-10 got apsb12-06 , several other prior hotfixes. 

 

you can read more details of vulnerability helps mitigate in blog entry: http://www.petefreitag.com/item/808.cfm

 

--

pete freitag

foundeo inc. makers of hackmycf & fuseguard



More discussions in ColdFusion


adobe

Comments

Post a Comment

Popular posts from this blog

How to set the order of FAQs instead of alphabetical

-
i have 19 faqs default showing them in alphabetical order.   i dislplay them in different order, weighting this, , how weighting work, is larger number higher priority, question id show first on list need numbered in weight field 19? hey vickituch,   as mentioned, default faq items sorted alphabetically. weighting, can modify order in faq items appear. way weighting works higher number specify, higher priority faq item have. example, if have 3 items each weight specified, priority follows:   99. faq item. 45. faq item. 7. yet faq item More discussions in Content Management and Modules adobe
Read more

Thread: Get UK Keyboard working

-
i using ubuntu desktop on lucid , keyboard changes british keys american keys, #/£, ~/| , "/@ around. in system->preferences->keyboard menu have set keyboard uk. when log via putty uk keys come out right. there other place more configuration required? /vfclistsguy actually settings should enough.. can try setxkbmap -query see current layout settings. Forum The Ubuntu Forum Community Ubuntu Official Flavours Support Desktop Environments [kubuntu] Get UK Keyboard working Ubuntu
Read more

how do I change the e-mail address for my merchant account

-
aloha   i have different primary address paypal account 1 listed merchant account in form   the different address same paypal account different e-mail address   i change responses   how do that?? hi,   you need register email address want paypal account form, current paypal email used form replaced. that, open form, go options -> collect payments. in paypal setup tab, enter new email address , click register.   please let me know if need more assistance.   thanks,   eman fu senior computer scientist adobe systems inc More discussions in Archived Spaces adobe
Read more