Adobe released a security bulletin for ColdFusion 9 today.

ColdFusion by default allows collections created by the Solr Service to be accessed from any external machine using a URL. This allows users to access information about the collections as well as search and index them.

Adobe recommends affected ColdFusion customers update their installation using the instructions below:

Follow the instructions below to disable external access to the Solr collections:

1. Open the file jetty.xml, located in {ColdFusion-home}/solr/etc for a Server install or in the {Solr-Home}/etc directory for other types of installs.

2. Look for the following property. There are two occurrences of the property in the jetty.xml file. Locate the uncommented one.

<Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>

3. Add the following property just below the property above:

<Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set>

This restricts access to the Solr collections from the browser to localhost only.

4. Restart the Solr service.
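To confirm the edit from steps 1 to 3 landed on the uncommented connector, the check below parses jetty.xml and reports whether each configured port has a loopback Host beside it. It is an added example, not code from Adobe or from the bulletin; the function names and the simplified sample XML are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed, simplified jetty.xml (not a real ColdFusion file). The commented
# connector line mirrors the two occurrences mentioned in step 2.
TEMPLATE = """<?xml version="1.0"?>
<Configure id="Server" class="org.mortbay.jetty.Server">
  <!-- <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set> -->
  <Call name="addConnector"><Arg>
    <New class="org.mortbay.jetty.bio.SocketConnector">
      <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
      {host_line}
    </New>
  </Arg></Call>
</Configure>"""
HOST_LINE = '<Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set>'
BEFORE = TEMPLATE.format(host_line="")        # default install: no Host property
AFTER = TEMPLATE.format(host_line=HOST_LINE)  # after step 3


def _value(set_elem):
    """Return the default of a nested SystemProperty, or the literal text."""
    prop = set_elem.find("SystemProperty")
    if prop is not None:
        return prop.get("default")
    return (set_elem.text or "").strip() or None


def connector_binds(jetty_xml):
    """List (port, host) for every uncommented element that sets a port.
    host is None when no Host property sits beside the port."""
    root = ET.fromstring(jetty_xml)  # the parser drops XML comments
    binds = []
    for parent in root.iter():
        sets = {s.get("name", "").lower(): s for s in parent.findall("Set")}
        if "port" in sets:
            host = _value(sets["host"]) if "host" in sets else None
            binds.append((_value(sets["port"]), host))
    return binds


def is_loopback_only(jetty_xml):
    """True only if every connector found has a loopback Host default."""
    def loopback(host):
        try:
            return host == "localhost" or ipaddress.ip_address(host).is_loopback
        except (TypeError, ValueError):
            return False
    binds = connector_binds(jetty_xml)
    return bool(binds) and all(loopback(host) for _, host in binds)
```

The check reads only the `default` attribute; a `jetty.host` system property passed to the JVM at startup overrides that default, so also confirm the listening address on the running host after the restart in step 4.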