In association with heise online

18 August 2009, 09:23

Adobe patches ColdFusion and JRun

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe has released patches for ColdFusion 7.02, 8.0, 8.0.1 and JRun 4.0 to prevent an attacker gaining unauthorised access to user accounts. The problem is caused by multiple cross-site scripting vulnerabilities.

Other patches fix a directory traversal vulnerability in the JRun Management Console which allowed arbitrary files to be retrieved from the server and a session fixation vulnerability in ColdFusion which could elevate privileges. Adobe classifies the errors as critical and recommends that the patches be installed as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit