Adobe Patches ColdFusion Flaw

Thursday, March 15, 2012 @ 02:03 PM gHale

A Priority 2 security update for Adobe’s ColdFusion fixes a vulnerability that puts users at risk for denial-of-service (DoS) attacks.

The flaw, rated “important,” affects ColdFusion 9.0.1 and earlier version for Windows, Mac, and UNIX.

Flash Player Flaws Fixed
Firefox Patch Hikes Security
IE Sandbox Next for Flash Player
Flash Player Updates Plug Holes

“This vulnerability could lead to a denial of service attack using a hash algorithm collision,” Adobe said in its security bulletin.

The Priority 2 rating, part of the new advisory system introduced by Adobe last month, means the “update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits.”

The “important” rating indicates the vulnerability, if exploited, “would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user’s computer.”

Adobe provided a hotfix for the vulnerability and recommended ColdFusion users apply the patch with the next 30 days.

Leave a Reply

You must be logged in to post a comment.