In association with heise online

15 November 2007, 13:55

Security update for Adobe ColdFusion


Adobe has issued a security bulletin regarding a vulnerability in ColdFusion MX 7 and ColdFusion 8. Applications running with these products can allow an attacker to hijack another user's session. The attacker would then have access to content on the server with the victim's privileges.

The bug can be exploited if the application places empty strings in the CFID or CFTOKEN session management cookies. All users then use the same session data. Applications which use J2EE session management are not affected. Adobe advises all administrators to install the update as soon as possible.
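While the update is being rolled out, captured HTTP headers can be checked for the condition described above. The following is an added example, not code from Adobe or from the original article: it flags any CFID or CFTOKEN cookie that carries an empty value. The header lines are constructed sample data, and the case-insensitive name match and the handling of quoted empty values are assumptions.

```python
# Cookies named in the bulletin; names are compared case-insensitively (assumption).
SESSION_COOKIES = {"CFID", "CFTOKEN"}

# Constructed sample: header lines as they might appear in a proxy capture.
SAMPLE_HEADERS = """\
Set-Cookie: CFID=1204; expires=Sat, 07-Nov-2037 13:55:00 GMT; path=/
Set-Cookie: CFTOKEN=83451977; expires=Sat, 07-Nov-2037 13:55:00 GMT; path=/
Set-Cookie: CFID=; path=/
Set-Cookie: cftoken=""; path=/
Cookie: lang=en; CFID=1204; CFTOKEN=
Set-Cookie: JSESSIONID=8430a1b2c3; path=/
"""


def cookie_pairs(line):
    """Yield (header, name, value) for each cookie carried by one header line."""
    header, sep, rest = line.partition(":")
    header = header.strip().lower()
    if not sep or header not in ("set-cookie", "cookie"):
        return
    parts = rest.split(";")
    if header == "set-cookie":
        # Only the first pair is the cookie itself; the rest are attributes
        # such as expires and path.
        parts = parts[:1]
    for part in parts:
        name, eq, value = part.partition("=")
        if eq:
            # Treat a quoted empty string ("") the same as no value at all.
            yield header, name.strip(), value.strip().strip('"').strip()


def find_empty_session_cookies(text):
    """Return (line number, header, cookie name) for every empty CFID/CFTOKEN."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for header, name, value in cookie_pairs(line):
            if name.upper() in SESSION_COOKIES and value == "":
                findings.append((lineno, header, name.upper()))
    return findings


if __name__ == "__main__":
    for lineno, header, name in find_empty_session_cookies(SAMPLE_HEADERS):
        print(f"line {lineno}: empty {name} in {header} header")
```

A hit in a Set-Cookie line points at the application code that writes the cookie; a hit in a Cookie line shows a client already presenting the empty value.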
