Dreamweaver Server Behavior SQL Injection vulnerability

New Dreamweaver problem this morning;

Dreamweaver Server Behavior SQL Injection vulnerability [1]

Summary
——-
Release Date: May 9, 2006

Vulnerability Identifier: APSB06-07

CVE Number: CVE-2006-2042

Platform: Windows, Macintosh

Code generated by Dreamweaver server behaviors for the ColdFusion, PHP mySQL,
ASP, ASP.NET, and JSP server models could allow SQL Injection by an attacker.

Solution
——–
Dreamweaver 8 users should update their licensed software to Dreamweaver 8.0.2.
Dreamweaver MX 2004 users should follow the instructions to update code generated
by Dreamweaver MX 2004.

Affected Software Versions
————————–
Dreamweaver 8 and Dreamweaver MX 2004



Do to the nature of this issue, in our environment the risk is

THREAT LEVEL
============
Very-Low.

[1.] Dreamweaver Server Behavior SQL Injection vulnerability [Adobe]
[2.] ITSS-Advisory : LOW : Adobe : Dreamweaver : SQL injection [UNIMELB:INFODIV]

This entry was posted in patch, security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.