Adobe plugs critical ColdFusion, JRun vulnerabilities



Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms.

The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead to the potential compromise of user accounts or the affected system," according to an advisory from Adobe (Techmeme). They affect ColdFusion v8.0.1 and earlier versions, and JRun 4.0.


The raw details:

  • An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1872).
  • An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1877).
  • An update for JRun resolves a management console directory traversal vulnerability that could potentially lead to information disclosure (CVE-2009-1873).
  • An update for JRun resolves multiple management console cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1874).
  • An update for ColdFusion resolves multiple cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1875).
  • An update for ColdFusion resolves a double-encoded null character vulnerability that could potentially lead to information disclosure (CVE-2009-1876).
  • An update for ColdFusion resolves a session fixation vulnerability that could potentially lead to privilege escalation (CVE-2009-1878).

Adobe rates these flaws as "critical" and recommends that affected users patch their installations immediately.

Topics: Enterprise Software, Security, Software Development


Talkback

5 comments
  • but only windoze systems are vulnerable

    so no worry if you use Linux!
    Linux Geek
    • Reading difficulties? Platform: All Platforms

      Platform: All Platforms

      Right at the top of the details link.
      Sorry, but CF is a cross-platform web development language based on Java.

      All platforms are hit by this. Even cheapo LinSux shops will have to get on top of this one.

      Grow up, troll.
      honeymonster
  • Deleted. (nt)

    honeymonster
  • RE: Adobe plugs critical ColdFusion, JRun vulnerabilities

    There is a handy guide to applying these hotfixes available on the Coldfusion Security.org site at:

    http://www.coldfusionsecurity.org/post.cfm/help-applying-coldfusion-hotfixes-for-vulnerability-apsb09-12

    There are at least 5 separate updates to deploy and a few gotchas with several of them, so if you have troubles check the above website for help. Cheers, Mike.
    coldfusionsecurity.org
  • RE: Adobe plugs critical ColdFusion, JRun vulnerabilities

    Well done! Thank you very much for professional templates and community edition
    birumut