Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Adobe issues security updates to address ColdFusion vulnerability

Adobe issues security updates to address ColdFusion vulnerability


Adobe released security updates to address an important vulnerability in ColdFusion versions 11 and 10. This patch resolves an issue associated with the parsing of crafted XML external entities in BlazeDS that could lead to information disclosure (CVE-2015-3269). Users are advised to update to ColdFusion 11 Update 6 and ColdFusion 10 Update 17, both of which include an updated version of BlazeDS. Adobe deemed the issue important in severity because the vulnerability can be exploited to compromise data security. The software company also rated the update Priority 2, meaning there are currently no known exploits.
 
Source:
 
SC Magazine
 
Adobe Security Bulletin
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis