A new security advisory for ColdFusion is now available

January 04, 2013 / Hemant Khandelwal 10 Comments

  Security

A Security Advisory (APSA13-01) has been posted in regards to security issues in ColdFusion for Windows, Macintosh and UNIX. There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers. Information regarding these vulnerabilities, including mitigation recommendations, is provided in the Security Advisory. We are in the process of finalizing a fix for the issues and expect a hotfix will be available on January 15, 2013.

This post reuses the description from the PSIRT blog and cross-posts it here.


10 comments so far

  • 1 John Cooper // Jan 7, 2013 at 2:18 AM
    The advisory only mentions CF9 and CF10. Is CF8 also affected?
  • 2 Aaron Neff // Jan 15, 2013 at 4:37 PM
    Regarding logging into CF Admin w/ an empty RDS password, is that CVE-2013-0625 or CVE-2013-0632? Both have identical descriptions.

    Thanks!
    -Aaron
  • 3 Aaron Neff // Jan 15, 2013 at 5:30 PM
    +1 to John's question. Which, if any, of these also affects CF8?

    CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632

    Thanks!
    -Aaron
  • 4 Hemant Khandelwal // Jan 15, 2013 at 5:46 PM
    CF9 & CF10 are the actively supported versions. Please contact the product security team at PSIRT@adobe.com if you need more details.
  • 5 Steve Logan // Jan 18, 2013 at 8:41 AM
    I went to install update 7 today and at the top of my Hotfix Install page I have the following text:

    ColdFusion 10 Update 7 - Continue installation
    ColdFusion 10 Update 6 - Continue installation
    Progress Information
    Progress Information
    Error
    Confirm overwrite
    Uninstall Confirmation

    Server version is 10,0,5,283319

    I tried to install just update 6 and nothing happens when I push the download & install button.
  • 6 Krishna Reddy // Jan 18, 2013 at 11:06 PM
    @Steve Logan:
    Can you please let me know the corresponding log from the following file:
    <ColdFusion10Home>\cfusion\logs\update.log ?
    Has <ColdFusion10Home>\cfusion\hf-updates\hf-10-00006 been created, and is there any log file there?
    If it is there, you can mail me AT krishnapATadobeDOTcom
  • 7 lukester // Mar 20, 2013 at 2:40 PM
    @Krishna Reddy, I have the same problem as Steve Logan, but with update 8. When clicking the download button nothing happens, and there is no hf-10-00008 folder created.

    I have tried copying the updates.xml file from backup and restarting, but it tells me no updates have been applied and I am unable to download any.

    I'm going to uninstall update 7 manually and see if that fixes things. If you have seen this before and know how to fix it please post the answer as this is the top thread on google when searching the error :-)
  • 8 Krishna // Mar 20, 2013 at 8:23 PM
    @lukester
    Please download the hotfix directly from:
    http://download.adobe.com/pub/adobe/coldfusion/hotfix_008.jar

    and then open the command prompt (with the "Run as Administrator" option for all Vista/Win7/Win8 family OSes).

    Then run the just-downloaded jar file from the command prompt:
    First cd to where it was downloaded, and then run as follows. Change the path as per your installation.
    >C:\ColdFusion10\jre\bin\java -jar hotfix_008.jar

    Thanks,
    Krishna
  • 9 Steve Logan // Mar 21, 2013 at 3:44 AM
    @lukester @Krishna - I ended up downloading the jar files manually and then installing from command prompt. My guess is that something in the CF10 secure installation guide (probably a permission somewhere) messes with the automatic installer.

    I DO wish though that Adobe made it a lot easier to find the .jar files to download. It seems that I have to waste a ton of time hunting around between various pages talking about the hotfix but not actually giving a download link for it.
  • 10 rèm v?i // May 12, 2013 at 8:24 PM
    Wow...+1 to John's question. Which, if any, of these also affects CF8?

    CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632

    Thanks!
