Menu
Adobe patches critical vulnerability in ColdFusion application server

Adobe patches critical vulnerability in ColdFusion application server

The flaw can be exploited to expose sensitive information

Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past.

The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that could lead to sensitive information disclosure when parsing specially crafted XML entities.

Administrators are advised to upgrade their ColdFusion deployments to version 10 update 21 or version 11 update 10, depending on which branch they're using. The ColdFusion 2016 release is not affected, Adobe said in a security advisory.

The vulnerability was reportedly privately to Adobe by a security researcher named Dawid Golunski, and the company is not aware of any attacks in the wild that exploit the flaw.

ColdFusion is a platform for creating and serving interactive web applications using the CFML scripting language. It is popular in the enterprise space because it allows the rapid development of applications.

ColdFusion servers have been targeted by attackers in the past. In 2013, researchers reported an attack where hackers exploited a ColdFusion vulnerability to install malware on Microsoft IIS servers.

That same year, a server hosting firm called Linode was compromised through a ColdFusion flaw, and Adobe issued two advisories about vulnerabilities in the web application server that were being exploited by attackers.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments