Don’t forget to tell us about your stack!
OS: Debian 11
Java Version: 11
Tomcat Version: included
Lucee Version: 126.96.36.199
installed on an already running multi-site enabled Apache2 LAMP server. the /var/www/html folder will load a index.cfm file but when i try to browse to
i get this.
this is the
(new user image removed)
i know nothing about Lucee, Tomcat, or ColdFusion, i have a backed up website that i am trying to get running and i have this server available. i can post logs if you tell me what log is relevant.
thanks for your time.
this server is entirely headless. i need to be able to access this VIA IP or domain name. i will not be able to ever use
http://localhost/lucee/admin/web.cfm on this server.
is that my problem?
how do i enable this?
of note: the server ‘works’ and my cfm pages are actually viewable in a browser. i need the admin portal to connect to a SQL instance for this page though.
also: identical results with or with out :8888 in the address.
This was mostly happening/reported with Lucee 188.8.131.52 with Linux and should have been corrected with 184.108.40.206 see
Lucee Critical Security Alert, August 15th, 2023 - CVE-2023-38693 - #34 by Zackster. Not sure if this is now s regression. Does it affect only the Overview page in the Lucee sdnin?
clicking ANYTHING returns me to the login page.
logging in takes me to the ERROR page shown.
same issue using web.cfm or server.cfm
Can you try removing all session cookies?
things i have tried this morning
installing a wm and browser on the server = same results using :8888 or not
on the local server tried. new browser cleaned everything each time. this server had no WM till just now.
http://127.0.0.1:8888/lucee/admin/server.cfm = same result
http://127.0.0.1/lucee/admin/server.cfm = same result
http://localhost:8888/lucee/admin/server.cfm = same result
http://localhost/lucee/admin/server.cfm = same result
seems to me like lucee is not able to get the stuff for the pages. i have done the install with ROOT as the tomcat user and with www-data as the tomcat user (both should have full access to my /var/www)
same results both ways
Try also this:
can i just install an older version or the 6.0 RC?
figures the one day i would try using lucee there would be a show stopper bug?
@Zedicus I’ve misread your version. Have you read the entire thread?
The Lucee team received a responsible disclosure for a security vulnerability which affects all previous releases of Lucee.
After reviewing the report and confirming the vulnerability, the Lucee team then conducted a further security review and found additional vulnerabilities which have been addressed as part of this security update.
Latest Stable Releases
Backported Stable Releases
In addition, as we are aware that some Lucee users have not yet upgr…
Please try one of the fixed versions .
i just double checked and i am on 220.127.116.11 now. and i was when i loaded the server with the local browser and tried it. all with the same issue.
i cleaned out all the WEB-INF folders and everything during the last install also.
As I linked above 18.104.22.168 is a Snapshot that fixes the admin issue of 22.214.171.124 Please try that one.
As I linked above
yes i will, i was just showing that i think i went from one bad version to another bad version. Thank you for your help, i will try the recommended one and report back later today.
i clean installed with the 126.96.36.199 installer and everything is working. i was able to get to the admin portal and connect my database. all is well.
THANK YOU !!