Adobe Hotfix for ColdFusion

Monday, June 18, 2012 @ 02:06 PM gHale


Adobe released a security hotfix for web application development platform ColdFusion 9.0.1 and earlier versions for Windows, Mac, and Unix.

The hotfix resolves an HTTP response splitting vulnerability in the ColdFusion component browser.

The vulnerability “could add or modify additional headers, which might cause unexpected behavior,” Adobe said in its security update.

Adobe classified the vulnerability as “important” and gave it a priority rating of 2.

Adobe acknowledged the help of Michael Dominice, Yoshi Russell of Intelligent Software Solutions, and Stephen Duncan of Intelligent Software Solutions in identifying and fixing the ColdFusion vulnerability.

In March, Adobe issued a patch for a ColdFusion vulnerability that put users at risk of denial of service (DoS) attacks. That flaw was also rated as important and had a priority rating of 2.

“This vulnerability could lead to a denial of service attack using a hash algorithm collision,” Adobe said at that time.


