Menu
Adobe patches critical vulnerability in ColdFusion application server

Adobe patches critical vulnerability in ColdFusion application server

The flaw can be exploited to expose sensitive information

Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past.

The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that could lead to sensitive information disclosure when parsing specially crafted XML entities.

Administrators are advised to upgrade their ColdFusion deployments to version 10 update 21 or version 11 update 10, depending on which branch they're using. The ColdFusion 2016 release is not affected, Adobe said in a security advisory.

The vulnerability was reportedly privately to Adobe by a security researcher named Dawid Golunski, and the company is not aware of any attacks in the wild that exploit the flaw.

ColdFusion is a platform for creating and serving interactive web applications using the CFML scripting language. It is popular in the enterprise space because it allows the rapid development of applications.

ColdFusion servers have been targeted by attackers in the past. In 2013, researchers reported an attack where hackers exploited a ColdFusion vulnerability to install malware on Microsoft IIS servers.

That same year, a server hosting firm called Linode was compromised through a ColdFusion flaw, and Adobe issued two advisories about vulnerabilities in the web application server that were being exploited by attackers.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments