Adobe have released updated version of ColdFusion web application development platform. The new version fix two vulnerabilities. A vulnerability (CVE-2013-3350) that could allow an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets, and a vulnerability (CVE-2013-3349) that could be exploited to cause a denial of service condition on a system running ColdFusion 9.0, 9.0.1 and 9.0.2 on JRun.
Affected versions:
- ColdFusion 10 for Windows, Macintosh and Linux (CVE-2013-3349 not affected).
- ColdFusion 9.0.2, 9.0.1 and 9.0 on JRun
More information can be read from Adobe's security bulletin.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment