Adobe have released updated versions of ColdFusion web application development platform. This hotfix resolves two input validation issues (CVE-2015-8052 and CVE-2015-8053) that could be used to conduct reflected cross-site scripting attacks. The fix also includes an updated version of BlazeDS which resolves an important Server-side Request Forgery vulnerability (CVE-2015-5255).
Affected versions:
- ColdFusion 11 and 10
More information can be read from Adobe's security bulletin.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment