Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Adobe Pushes Hotfix for ColdFusion

Adobe Pushes Hotfix for ColdFusion


Adobe has released hotfixes and security updates for three of its products that patch a handful of vulnerabilities, none of which are being publicly exploited. The most serious vulnerabilities were in ColdFusion, Adobe’s web application development platform. The hotfix affects ColdFusion 11 Update 6 and earlier, and ColdFusion 10 Update 17 and earlier; users should upgrade to 11 Update 7 and 10 Update 18.  This hotfix resolves two input validation issues that could be used in reflected cross-site scripting attacks. This hotfix also includes an updated version of BlazeDS that resolves an important  server-side request forgery vulnerability. Adobe also released security updates for LiveCycle Data Services, affecting versions 4.7, 4.6.2, 4.5, 3.1 and 3.0.x on Windows, Mac OS X and UNIX machines. LiveCycle Data Services is Adobe’s application framework. The update patches the same server-side request forgery vulnerability patched in ColdFusion and also includes a new version of BlazeDS, a Java-based remote messaging feature included in both products.
 
Source:
Threat Post
 
Adobe Security
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis