20 November 2012, 09:31
Hotfix for ColdFusion 10 DoS vulnerability
Adobe has released a hotfix for the Windows version of its ColdFusion application server that closes an unspecified denial-of-service vulnerability. The vulnerability is present in ColdFusion 10 Update 1 to Update 4 and is exposed when ColdFusion is used with a connector to Windows Internet Information Services (IIS).
The hotfix is packaged as ColdFusion 10 Update 5 and requires that a ColdFusion Mandatory Update is installed first. The update includes all previous ColdFusion 10 updates. Adobe has given the update a priority 2 rating, which means that, while the application is a popular target for attacks, there are no known exploits for the flaw in the wild. Adobe recommends updating within the next 30 days.
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-1753099
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
