Entries Tagged as “ Security”

New Critical ColdFusion security update for version 9 and above

May 14, 2013 / Shilpi Khariwal

  Security | Administrator | Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | Hotfix | web application security

 

A security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2. This hot-fix addresses issues reported in Advisory 13-03

If you are on ColdFusion 10, you will see a new update 10 within the ColdFusion administrator for you to download and install.

Adobe recommends users update their product installation with this update. Here's a link to the related security bulletin. 

We highly recommend locking down public facing servers to prevent against unknown attacks. As an additional precaution, we recommend commenting RDS servlet in web.xml

Complete instructions for protecting server can be found accessed here. ColdFusion 10 Lockdown Guide, ColdFusion 9 Lockdown Guide

 

---

A security advisory for ColdFusion

May 08, 2013 / Hemant Khandelwal

  Security | Adobe ColdFusion

Adobe has released a new security advisory for ColdFusion and is available here.

As a mitigation step, the advisory advises you to restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.

 

---

The latest ColdFusion security bulletin is updated with a revised description

April 19, 2013 / Hemant Khandelwal

  Security | Adobe ColdFusion

The title says it all. Please check the bulletin for details here http://www.adobe.com/support/security/bulletins/apsb13-10.html

---

New ColdFusion security update for version 9 and above

April 08, 2013 / Shilpi Khariwal

  Security | Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | Updates | web application security

 

An important security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2.

If you are on ColdFusion 10, you will see a new update 9 within the ColdFusion administrator for you to download and install.

Adobe recommends users update their product installation with this update. Here's a link to the related security bulletin.

Note: It is recommended that, request related functionality is not used with CFThread. 

 

---

ColdFusion security bulletin dated January 15, 2013 is updated

March 20, 2013 / Hemant Khandelwal

  Security

Adobe has recently updated security bulletin dated January 15, 2013 to provide additional information to inspect files and scheduled tasks of unknown origin along with recommendation to follow security best practices.

The updated security bulletin is available here.

---

Resources

Recent Entries

• Adobe ColdFusion e-seminar: REST Support in ColdFusion 10
• Video : Community Week #1 - Multi user management in ColdFusion 10
• Video : ColdFusion @ SOTR 2013
• ColdFusion Education Initiative: New Web Application Development curriculum from Adobe
• ColdFusion Summit: Suggest and vote for the topics that you would like to see
• More in the archives

Categories

• Administrator
• Adobe ColdFusion
• Adobe ColdFusion 10
• Adobe ColdFusion Builder
• Adobe ColdFusion Builder 2.0
• Adobe ColdFusion Builder 2.0.1
• Announcements
• Application Server
• bugbase
• Caching
• CF Summit
• CFBuilder
• CFMeetUp
• ColdFusion
• ColdFusion Functions
• ColdFusion Secure Profile
• Connector
• creating a website
• Docs
• e-seminar
• General
• Hotfix
• HTML5
• Mobile
• Performance
• productivity
• Rapid Application Development
• scripting language
• Security
• Session Management
• Splendor
• Tomcat
• Tuning
• Updates
• Video
• web application
• web application development
• web application security
• web programming
• WebServices
• WebSocket
• Zeus

Monthly Archives

• June 2013 (7)
• May 2013 (11)
• April 2013 (10)
• March 2013 (11)
• February 2013 (7)
• January 2013 (8)
• December 2012 (4)
• November 2012 (7)
• October 2012 (1)

Subscribe to Blog