
Adobe plugs critical ColdFusion, JRun vulnerabilities

Written by Ryan Naraine, Contributor

Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms.

The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead to the potential compromise of user accounts or the affected system," according to an advisory from Adobe (Techmeme). They affect ColdFusion v8.0.1 and earlier versions, and JRun 4.0.


The raw details:

  • An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1872).
  • An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1877).
  • An update for JRun resolves a management console directory traversal vulnerability that could potentially lead to information disclosure (CVE-2009-1873).
  • An update for JRun resolves multiple management console cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1874).
  • An update for ColdFusion resolves multiple cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1875).
  • An update for ColdFusion resolves a double-encoded null character vulnerability that could potentially lead to information disclosure (CVE-2009-1876).
  • An update for ColdFusion resolves a session fixation vulnerability that could potentially lead to privilege escalation (CVE-2009-1878).

Adobe rates these flaws as "critical" and recommends that affected users patch their installations immediately.
