Adobe have released updated versions of ColdFusion web application development platform. These hotfixes address a security permissions issue (CVE-2014-0572) that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities (CVE-2014-0570, CVE-2014-0571) are also addressed in the hotfixes.
Affected versions:
- ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms
More information can be read from Adobe's security bulletin.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment