Entries Tagged as “Adobe ColdFusion 10”

Resolving "500 Internal Server Error" with ColdFusion 10 Update 14

October 16, 2014 / Krishna Reddy

  Administrator | Adobe ColdFusion 10 | ColdFusion | Connector | General | Hotfix

We have seen that some of you have not been able to get the web server connector working after applying update 14.

We did our investigation and following is our finding.

The connector binaries of ColdFusion 10 update 14 are built on top of  VC++ runtime 2012 update 4.

Installation of VC++ runtime requires admin privileges. If the ColdFusion service runs as administrator or system account, the update itself install the VC++ runtime as this account would have installation privileges.

If your ColdFusion service account is not running as administrator or system account, applying the hotfix from administrator can't install VC++ runtime and you will get "500 internal server error" after configuring the connector.

In this case, you need to manually install VC++ runtime 2012 32-bit and/or 64 bit depending on whether Web server is 32-bit or 64-bit.

You can download VC++ runtime here at:

http://www.microsoft.com/en-in/download/details.aspx?id=30679

When you install hotfix manually, administrator privileges are enforced and so the installation of VC++ runtime is automatically taken care by the updater.

 

 

 

 


Updates for ColdFusion 11, ColdFusion 10 and ColdFusion 9 released

October 14, 2014 / Krishna Reddy

  Security | Adobe ColdFusion | Adobe ColdFusion 10 | Adobe ColdFusion 11 | ColdFusion | ColdFusion 11

The following ColdFusion updates are now available for download:

ColdFusion 11 Update 2

This update contains fixes for vulnerabilites mentioned in the security bulletin APSB14-23.

For the details refer this technote.

ColdFusion 10 Update 14

This update includes Tomcat upgrade to 7.0.54, Tomcat connector upgrade to 1.2.40, support for JDK 8 and Apache 2.4.x, fixes for vulnerabilites mentioned in the security bulletin APSB14-23 and fixes for 63 other bugs.

For the details refer this technote.

ColdFusion 9.0.2, ColdFusion 9.0.1 and ColdFusion 9.0 security update

This update contains fixes for vulnerabilities mentioned in the security bulletin APSB14-23.

For the details refer this technote.

 


Deeper insights into ColdFusion logging mechanisms

September 16, 2014 / HariKrishna Kallae

  Administrator | Adobe ColdFusion | Adobe ColdFusion 10 | Adobe ColdFusion 11 | ColdFusion 11

In ColdFusion, you can use ColdFusion Administrator for changing your logging properties under Debugging & Logging > Logging Settings :

  1. Log location
  2. Maximum file size
  3. Maximum number of archives
  4. Requests taking longer time
  5. CORBA calls
  6. Logging for scheduled tasks
A detailed insight into each of this is available at http://hkallae.wordpress.com/2014/09/15/deeper-insights-into-coldfusion-logging-mechanisms/


Troubleshooting ColdFusion Admin Login Issue

June 30, 2014 / Pavankumar

  Administrator | Adobe ColdFusion 10 | Adobe ColdFusion 11

We have seen some cases where the user is trying to login to ColdFusion administrator console and CF keeps throwing login page again and again even though user has provided valid credentials. We heard users tried doing something like password reset, restarting the server which even didn't helped solving the issue. So we were curious to find what causing this issue and will discuss some of the issues we came across that occur when attempting to log into the administrator console.

Before talking about some of these issues that we found we will see how ColdFusion admin login happens. During login the password entered in ColdFusion Administrator login console will be hashed using SHA-1 and then passed to the server for authentication. If the password entered is correct user will be able to successfully login to the admin console. The hashing related functions are present in sha1.js file which gets loaded when accessing CF admin console. Mostly the login issues occurs either the sha1.js file is not loaded or the browser is not executing any javascript. If either the SHA1.js file is not loaded or browser is not executing the javascript password will be transmitted in plain text (instead of hashed password) which results in login failure.

1) One instance where we have seen this issue because of IIS misconfiguration. IIS uses a default list of global MIME types to determine which types of content to serve. If a client requests a MIME type that is not defined on the Web server, IIS returns a 404 error. In this case IIS admin has created a specific web.config file for coldfusion site. If the coldfusion website specific IIS web.config file contains a duplicate mime type which is also present in the IIS global config mime type list it causes an error in IIS. There by IIS  blocks all the file extensions (Except cfm and cfc as they were mentioned in IIS handler mappings). Because of this issue sha1.js file didn't get loaded which in turn caused login failure. Removing/Commenting out the duplicate mime type from website specific web.config file resolves the issue.

For example:

Assume your website web.config file added additional mime types for file extensions .less and .ttf. 

The above config causes an error because .ttf is already present in the IIS global web.config file. Remove the mimemap for file extension .ttf to resolve the issue.

2) Another instance where user is unable to login to ColdFusion Admin console using Internet Explorer. If IE is running enhanced security mode javascript on the page won't be executed unless the website is added to the trusted sites list. 

To add the ColdFusion website to the trusted list 

By default coldfusion administrator can only be accessed from the list of IP addresses as specified in the Security -> Allowed IP Addresses section.

We will be keep updating this blog if we come across any other issues which prevents user from logging in to the admin console. Also, let us know if you have come across any admin login issues other than which are mentioned above. 

Besides the login issue make sure to mandate that ColdFusion administrator runs only on https as specified in lockdown guide. 

Links for ColdFusion lockdown guide

ColdFusion 11 lockdown guide ColdFusion 10 lockdown guide ColdFusion 9 lockdown guide

 


Adobe ColdFusion Summit 2014

April 11, 2014 / Elishia Dvorak

  Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | CF Summit | ColdFusion | ColdFusion 11 | General

We are pleased to officially announce the next Adobe ColdFusion Summit to be held October 16th and 17th at Aria Resort & Casino, Las Vegas, Nevada.  It's going to be even better than last year and pricing remains very low at $299 early bird rate through July!

Read More


Blue Mango Theme Design By Mark Aplet

Super Powered by Mango Blog