Today, a priority 2 update is released, addressing an important vulnerability in ColdFusion 10 and earlier. It also addresses this for ColdFusion 8.0.1 and ColdFusion 8. Adobe recommends to update the ColdFusion servers. Here is the link for security bulletin.
This hot-fix addresses resolves a vulnerability which could result in a Denial of Service (DoS) attack - CVE-2012-2048. You should update your sandboxes to add GetPageContext() method in disabled functions list.
For ColdFusion 10, use updater to get this update. This is update 2 and it contains previous update 1 for ColdFusion 10.
The details can be found at tech-note here.
Note: This is the last Security Hot-Fix for ColdFusion 8.0.1 & 8.
Leave a Comment