Entries Tagged as “Security”
Security | Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | Hotfix | Updates | web application security
A new security update is available for ColdFusion versions 9.0, 9.0.1, 9.0.2 and 10.0. This hotfix addresses the security issues specified in the technote here. Here is the link to the security bulletin for this hotfix. It also includes a few important bug fixes for ColdFusion 10, as specified here.
We recommend locking down your server by following the lockdown guide and disabling unused features in production environments.
Security | Adobe ColdFusion | e-seminar | web application security
A security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2. This hotfix addresses two vulnerabilities mentioned in the security bulletin APSB13-19.
If you are on ColdFusion 10, you will see a new Update 11 in the ColdFusion Administrator for you to download and install. ColdFusion 10 Update 11 includes an important security fix. It also includes several important bug fixes, in addition to support for 64-bit COM interoperability, MySQL 5.6 and SQL Server 2012.
Adobe recommends that users update their product installation with this update. Here's a link to the related security technote.
Security | Adobe ColdFusion 10 | web application development
There have been a couple of posts describing the vulnerability using the WebSocket functionality in ColdFusion 10. The Adobe Product Security Incident Response Team (PSIRT) is aware of this issue and is actively engaged with the ColdFusion Product Team to release a fix. Adobe PSIRT is not aware of this issue being exploited in the wild.
A new update will be released soon that directly prevents the invocation of non-remote methods on the CFC using WebSockets.
Security | Administrator | Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | Hotfix | web application security