Based on the limited information released, I'm not sure how anyone could make the claim "was beyond their direct control and was a flaw in cold fusion." I use ColdFusion everyday and most of the "vulnerabilities" reported can be avoided by using best practices -- the biggest being to remap the CFIDE directory to an empty directory and then add a virtual SCRIPTS directory under it pointing it back to the original CFIDE/SCRIPTS location. This one best practice prevents 99+% or the ColdFusion vulnerabilities. Most likely, preventing the breach was in their control.
Slashdot Mirror
...Linux can't be hacked.
@Anonymous Coward, With this statement alone you lost any and all credibility you might have had.
Based on the limited information released, I'm not sure how anyone could make the claim "was beyond their direct control and was a flaw in cold fusion." I use ColdFusion everyday and most of the "vulnerabilities" reported can be avoided by using best practices -- the biggest being to remap the CFIDE directory to an empty directory and then add a virtual SCRIPTS directory under it pointing it back to the original CFIDE/SCRIPTS location. This one best practice prevents 99+% or the ColdFusion vulnerabilities. Most likely, preventing the breach was in their control.