Friday, October 17, 2014

Adobe ColdFusion Hotfixes Available

Adobe have released updated versions of ColdFusion web application development platform. These hotfixes address a security permissions issue (CVE-2014-0572) that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator.  Cross-site scripting and cross-site request forgery vulnerabilities (CVE-2014-0570, CVE-2014-0571) are also addressed in the hotfixes.

Affected versions:
- ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms


More information can be read from Adobe's security bulletin.

No comments: