Adobe plugs critical ColdFusion, JRun vulnerabilities


Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms.

The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead to the potential compromise of user accounts or the affected system," according to an advisory from Adobe (Techmeme). They affect ColdFusion v8.0.1 and earlier versions, and JRun 4.0.


The raw details:

  • An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1872).
  • An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1877).
  • An update for JRun resolves a management console directory traversal vulnerability that could potentially lead to information disclosure (CVE-2009-1873).
  • An update for JRun resolves multiple management console cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1874).
  • An update for ColdFusion resolves multiple cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1875).
  • An update for ColdFusion resolves a double-encoded null character vulnerability that could potentially lead to information disclosure (CVE-2009-1876).
  • An update for ColdFusion resolves a session fixation vulnerability that could potentially lead to privilege escalation (CVE-2009-1878).

Adobe rates these flaws as "critical" and recommends that affected users patch their installations immediately.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
