Adobe Issues ColdFusion Hotfix

Friday, April 28, 2017 @ 03:04 PM gHale


Adobe released hotfixes that address an input validation flaw in multiple versions of its ColdFusion web application development platform.

The company also fixed a Java deserialization error in its Apache BlazeDS Java remoting and web messaging technology.


The vulnerability in ColdFusion, officially designated CVE-2017-3008, could potentially be exploited on all platforms in reflected cross-site scripting attacks, according to an Adobe security bulletin.

The bug is in ColdFusion’s 2016 release (Update 3 and earlier), as well as versions 11 (Update 11 and earlier) and 10 (Update 22 and earlier).

Adobe credited “Lion” with discovering the ColdFusion vulnerability and Moritz Bechler with reporting the Apache BlazeDS vulnerability (designated CVE-2017-3066).


