[Looking for Charlie's main web site?]

Recent critical Lucee security vulns: make sure you're protected, finding out more about them

Posted At : February 22, 2024 11:22 AM | Posted By : Charlie Arehart
Related Categories: updates, security, lucee
Comments: (1)

There has been important news released (this week and last week) about a critical Lucee security vuln (an RCS or remote code execution vuln). You'll want to make sure your Lucee instances are protected either by updates or configuration (or both). There are actually 3 matters to beware.

[....Continue Reading....]

Comments (1)

Comments

[Add Comment]

If you may have gotten my initial notification of this post, I want to note that I have added a new section above, "Mind your P's and Q's...or, why Lucee's cf_client_* cookie vuln is NOT the same issue as CF's _cfclient querystring vuln".

# Posted By charlie arehart | 2/22/24 11:48 AM

[Add Comment]

Home

View all posts

Enter your email address to subscribe to this blog.

Recent Comments

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Charlie Arehart said: Uday, I assume you're speaking in your role as a member of the cf team. Thanks. But can you clarify ... [more]

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Uday Ogra said: Christopher, that periodic check in call will be made by running CF server

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Charlie Arehart said: Christopher, I don't work for Adobe so can't answer that last question. :-) I'm just a messenger, po ... [more]

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Christopher said: So if I'm understanding the new licensing correctly for those of us who previously would purchase a ... [more]

Easily finding cached/old versions of a site/page when it's down or gone
Charlie Arehart said: I'm sorry to hear of your plight. What you ask is well beyond the scope of this post, but I realize ... [more]

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29

Entries by year

2025 (5)

2024

December (1)
October (2)
September (2)
August (1)
July (5)
June (1)
May (3)
April (4)
March (1)
February (2)
January (6)

2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (107) [RSS]
apache (11) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
bug reports (1) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (60) [RSS]
cf11 (46) [RSS]
cf2016 (59) [RSS]
CF2016 Intro Series (9) [RSS]
cf2018 (58) [RSS]
cf2021 (60) [RSS]
cf2023 (40) [RSS]
cf2025 (4) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (34) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (5) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (3) [RSS]
community (24) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (13) [RSS]
derby (5) [RSS]
docker (8) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (62) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (13) [RSS]
installation (9) [RSS]
introduction (2) [RSS]
java (45) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (8) [RSS]
logs (8) [RSS]
lucee (20) [RSS]
migrating (1) [RSS]
monitoring (42) [RSS]
news (22) [RSS]
orm (2) [RSS]
performance (14) [RSS]
personal (3) [RSS]
PMT (6) [RSS]
podcasts (5) [RSS]
presentations (28) [RSS]
railo (10) [RSS]
redis (2) [RSS]
resource lists (26) [RSS]
security (28) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (9) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (74) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (63) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit
Sep 2025

Into The Box
May 2025

Adobe CF Summit East
Mar 2025

CFCamp
June 2024

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by