Menu
Adobe patches critical vulnerability in ColdFusion application server

Adobe patches critical vulnerability in ColdFusion application server

The flaw can be exploited to expose sensitive information

Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past.

The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that could lead to sensitive information disclosure when parsing specially crafted XML entities.

Administrators are advised to upgrade their ColdFusion deployments to version 10 update 21 or version 11 update 10, depending on which branch they're using. The ColdFusion 2016 release is not affected, Adobe said in a security advisory.

The vulnerability was reportedly privately to Adobe by a security researcher named Dawid Golunski, and the company is not aware of any attacks in the wild that exploit the flaw.

ColdFusion is a platform for creating and serving interactive web applications using the CFML scripting language. It is popular in the enterprise space because it allows the rapid development of applications.

ColdFusion servers have been targeted by attackers in the past. In 2013, researchers reported an attack where hackers exploited a ColdFusion vulnerability to install malware on Microsoft IIS servers.

That same year, a server hosting firm called Linode was compromised through a ColdFusion flaw, and Adobe issued two advisories about vulnerabilities in the web application server that were being exploited by attackers.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Featured

Slideshows

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments