Adobe warns of hash collision in ColdFusion

By Ryan Naraine for Zero Day | March 13, 2012 -- 08:49 GMT (01:49 PDT) | Topic: Developer

Adobe has shipped a priority 2 update to fix a flaw that puts ColdFusion users at risk of denial-of-service attacks.

The vulnerability, rated important, affects ColdFusion 9.0.1 and earlier versions for Windows, Mac OS X and UNIX.

"This vulnerability could lead to a denial of service attack using a hash algorithm collision," the company warned in an advisory.

Adobe recommends that enterprise users of the ColdFusion application server apply the fix within the next 30 days.

ALSO SEE:

Adobe adding 'priority ratings' to security alerts
Adobe warns of 'critical' Flash Player security holes
Adobe Flash Player XSS flaw under 'active attack'

Join Discussion

Add Your Comment

More from Ryan Naraine

Security

Browser vendors block 'active attacks' using fraudulent digital cert
Security

10 security stories that shaped 2012
Security

Adobe code signing infrastructure hacked by 'sophisticated threat actors'
Security

Microsoft to ship emergency IE patch to thwart active attacks

Please review our terms of service to complete your newsletter subscription.

By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.

You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.

You agree to receive updates, alerts, and promotions from the CBS family of companies - including ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe at any time.

By signing up, you agree to receive the selected newsletter(s) which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy.

Newsletters

See All

Related Topics:

Join Discussion

More from Ryan Naraine

Newsletters

Related Stories