Status/Resolution/Reason: Closed/Withdrawn/
Reporter/Name(from Bugbase): Karen Johnstone / Karen Johnstone (Karen Johnstone)
Created: 02/03/2013
Components: Security
Versions: 9.0
Failure Type:
Found In Build/Fixed In Build: 9.0 /
Priority/Frequency: Major / All users will encounter
Locale/System: ALL / Win 2008 Server
Vote Count: 0
Duplicate ID: CF-3329722
Problem Description:
ColdFusion Security Hotfix APSB13-03 on ColdFusion 9
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13 -03.html
After applying the hotfix, users were getting intermittent "The service is unavailable" and "503: Service unavailable" errors.
Errors were occurring on various pages, for different end-users and at different times. Errors also happened on pages with few or no Form Fields. Unable to find anything in various logs.
Steps to Reproduce:
Eventually found that error could at least be reproduced with a POST request with >=102 fields.
Then noticed that a subsequent page request (if made within short time frame) sometimes returned an error - but that it would reload with no problems.
- Perhaps explaining why users were also getting errors for page requests with few or no form fields?
ColdFusion 9 Administrator does not have the "Maximum number of POST request parameters" setting that was introduced in ColdFusion 10.
Any Workarounds:
a. Undo Security Hotfix APSB13-03.
b. Update new-runtime.xml file as per http://forums.adobe.com/message/4540754
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3495051
External Customer Info:
External Company:
External Customer Name: K Johnstone
External Customer Email:
External Test Config: My Hardware and Environment details:
a. Windows Server 2008, ColdFusion Standard 9
b. Windows 7, ColdFusion Standard 9 EvaluationAttachments:
Comments: