Adobe have released updated versions of ColdFusion web application development platform. These fixes address a critical XML parsing vulnerability (CVE-2017-11286), an important cross-site scripting vulnerability (CVE-2017-11285) that could lead to information disclosure and a mitigation for unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284).
Affected versions:
- ColdFusion (2016 release): update 4 and earlier versions
- ColdFusion 11: update 12 and earlier versions
More information can be read from Adobe's security bulletin.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment