Security Hot-Fix for ColdFusion - September 2012

September 11, 2012 / Shilpi Khariwal 5 Comments


Today, a priority 2 update was released, addressing an important vulnerability in ColdFusion 10 and earlier. It also addresses this for ColdFusion 8.0.1 and ColdFusion 8. Adobe recommends updating your ColdFusion servers. Here is the link to the security bulletin.

This hot-fix resolves a vulnerability which could result in a Denial of Service (DoS) attack (CVE-2012-2048). You should also update your sandboxes to add the GetPageContext() method to the disabled functions list.

For ColdFusion 10, use the updater to get this update. This is update 2, and it contains the previous update 1 for ColdFusion 10.

The details can be found in the tech-note here.

Note: This is the last Security Hot-Fix for ColdFusion 8.0.1 & 8.


5 comments so far ↓

  • 1 Myka // Sep 26, 2012 at 11:47 AM
    After we installed this update, our onError function started dumping an empty error struct.
    Message: [empty string]
    StackTrace: java.lang.NullPointerException
    TagContext: Error - array[empty]
    Type: java.lang.NullPointerException

    What caused this and how can we fix it?
  • 2 Shilpi Khariwal // Sep 26, 2012 at 8:11 PM
    Hi Myka,

    Is it possible to share the stack trace? It will help us find the cause faster. You can send it to shilpik@adobe.com or paste here.
  • 3 Myka // Sep 27, 2012 at 5:42 AM
    As I indicated above, the stack trace is just a java.lang.NullPointerException.
  • 4 Shilpi Khariwal // Sep 27, 2012 at 10:18 PM
    Which is really weird. Is there nothing in the logs as well? And if the answer to the above is true, is it possible to share the piece of code which is part of onError()?
  • 5 mint34 // Nov 15, 2012 at 11:09 AM
    We are running CF 8.0.1, and after we installed the patch the ColdFusion Administrator stopped working. The website continues to work properly. Did this happen to anyone else?
    How do I access the CF Admin with this new patch applied?

    Thank you.
