Please be advised that this website will become read-only on December 09, 2016 and will be shut down soon after.
      Please use https://tracker.adobe.com, going forward.
More...If you are searching in Tracker for old issues created through bugbase, you can search by the <project_key>-<old bugbase number>.
<project_key> is mapped as:
 
ColdFusion        : CF     
Framemaker        : FRMAKER
RoboHelp          : RH     
Adobe AIR         : AIR    
Adobe Flash Player: FP     
Less...

ColdFusion 10.0  -  Feature 3517498

Created on Monday, March 11, 2013

Login for more options

Title

cflogin - errors with bad input

Description

I've now seen cflogin throw an error twice now w/ bad input at - I believe - the cookie level. Here is a report from one user:

http://www.raymondcamden.com/forums/messages.cfm?threadid=C60102CA-9221-2FD6-A3CEDCAA37CDBF73&page=1&

Another one is an array error:

java.lang.ArrayIndexOutOfBoundsException: 1 at coldfusion.security.SecurityManager.parseAuthInfo(SecurityManager.java:2677) at coldfusion.tagext.security.AuthenticateTag.parseAuthUpdate(AuthenticateTag.java:358) at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:329) at cfApplication2ecfm752727542.runPage(C:\inetpub\wwwroot\Forta Forums\Application.cfm:93) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:244) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:444) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.CfincludeFilter.include(CfincludeFilter.java:33) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:346) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(

At the end of the day, these smell like someone trying to hack, but cflogin shouldn't throw these exceptions.

Test Configuration

My Hardware and Environment details:

App Language(s) English
OS Language(s) English
Platform(s) Platforms All
Browser(s)

Notes (0)

Duplicate ID
Reported By Raymond Camden

Status

State Closed
Status Fixed
Reason

Importance

Priority 0-Unknown
Frequency Some users will encounter
Failure Type Unspecified
Product Area Security

Build

Found In Build Final
Fixed In Build 284476

Attachments (0)

No Files Attached

Votes (0)

Your session has expired! Click to login
Current form data will be preserved

Cancel