Adobe patches ColdFusion and JRun
Adobe has released patches for ColdFusion 7.02, 8.0, 8.0.1 and JRun 4.0 to prevent an attacker gaining unauthorised access to user accounts. The problem is caused by multiple cross-site scripting vulnerabilities.
Other patches fix a directory traversal vulnerability in the JRun Management Console, which allowed arbitrary files to be retrieved from the server, and a session fixation vulnerability in ColdFusion, which could be used to elevate privileges. Adobe classifies the errors as critical and recommends that the patches be installed as soon as possible.
See also:
- Security Update: Hotfixes available for ColdFusion and JRun, bulletin from Adobe
- Description of XSS Vulnerabilities, from Digital Research Group
(djwm)