ColdFusion gets Hotfix

Tuesday, September 18, 2012 @ 12:09 PM gHale

Adobe released an update for ColdFusion to close a security hole in its rapid web application development software.

The hotfix for ColdFusion addresses a vulnerability (CVE-2012-2048), which the company rates as important, that an attacker could exploit remotely to cause a denial-of-service (DoS) condition.

RELATED STORIES
IE 10 gets Flash Fixes
Blackhole Updates Product Offering
Honeypot Now SQL Injection Capable
Malware Hides as Help File

Originally, ColdFusion made it easier to connect simple HTML pages to a database, but by Version 2, it had become a full platform that included an integrated development environment in addition to a full scripting language. As of 2010, versions of ColdFusion included advanced features for enterprise integration and development of Internet applications.

Adobe officials said the unspecified error affects versions 8.0, 8.0.1, 9.0 to 9.0.2, and 10 of ColdFusion for Windows, Mac OS X and UNIX.

Installing the provided hotfix corrects the problem; download links and installation instructions for each affected version are on the APSB12-21 technote page.
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html

All users should download and apply the hotfix, Adobe officials said. Adobe credits UK developer David Boyer for finding and reporting the problem.



Leave a Reply

You must be logged in to post a comment.