Adobe eliminates vulnerability in ColdFusion
A security fix has been issued for Adobe ColdFusion to eliminate a vulnerability that allows an attacker to circumvent access restrictions on the server. Adobe reports, however, that the vulnerability can only be exploited in a shared hosting environment.
ColdFusion 8, ColdFusion 8.0.1 and ColdFusion MX 7.0.2 Solution are affected. The Adobe security bulletin includes instructions for applying the patch.
See also:
- Update available for potential ColdFusion 8 privilege escalation issue, Adobe security bulletin
(djwm)