Menu
Adobe patches critical vulnerability in ColdFusion application server

Adobe patches critical vulnerability in ColdFusion application server

The flaw can be exploited to expose sensitive information

Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past.

The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that could lead to sensitive information disclosure when parsing specially crafted XML entities.

Administrators are advised to upgrade their ColdFusion deployments to version 10 update 21 or version 11 update 10, depending on which branch they're using. The ColdFusion 2016 release is not affected, Adobe said in a security advisory.

The vulnerability was reportedly privately to Adobe by a security researcher named Dawid Golunski, and the company is not aware of any attacks in the wild that exploit the flaw.

ColdFusion is a platform for creating and serving interactive web applications using the CFML scripting language. It is popular in the enterprise space because it allows the rapid development of applications.

ColdFusion servers have been targeted by attackers in the past. In 2013, researchers reported an attack where hackers exploited a ColdFusion vulnerability to install malware on Microsoft IIS servers.

That same year, a server hosting firm called Linode was compromised through a ColdFusion flaw, and Adobe issued two advisories about vulnerabilities in the web application server that were being exploited by attackers.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments