Adobe issues ColdFusion hotfix; flaw could allow remote code execution

Adobe has issued a hotfix for a vulnerability that affects ColdFusion 10 and prior.

Adobe has released a hotfix for ColdFusion for Windows, Macs, and Unix-based machines.

The fix addresses an issue in ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 that could result in a denial-of-service (DoS) condition. The fix is not delivered as a patch, meaning that administrators will need to follow Adobe's instructions for their specific version of ColdFusion and mitigate the vulnerability manually.

The hotfix has been rated as important and has a priority rating of 2, so administrators need not apply the fix immediately but should do so within 30 days.

However, according to Security Focus' listing, the vulnerability may also allow arbitrary code execution, although this claim has not been confirmed. Security Focus is also not aware of any exploits in the wild against the vulnerability.

Adobe has credited UK ColdFusion and PHP web developer Dave Boyer for discovering the vulnerability.

Melbourne IT was recently breached via an older ColdFusion vulnerability that allowed attackers to steal data belonging to Australian internet service provider (ISP) AAPT. Melbourne IT is already aware of the issue, and has scheduled the hotfix to be deployed.

