This article is more than 1 year old

Still using ColdFusion? Really? Well, you'll want to install this patch

Adobe patches data-slurping flaw in web app builder

Adobe is advising users and administrators running ColdFusion to patch their software following the release of a security fix for an information disclosure vulnerability.

The ColdFusion HotFix addresses a vulnerability in the handling of XML data for ColdFusion 10 and 11.

Both patches address a single CVE-listed security vulnerability, CVE-2015-3269. The flaw, if exploited, would allow an attacker to potentially view files on the targeted system, leading to information disclosure.

Adobe has listed both versions of the hotfix as "2" priorities, a designation commonly given to non-critical bugs that are not likely to be targeted in the wild immediately. In general, Adobe suggests such updates be installed within the next 30 days.

By comparison, Adobe's typical Flash security updates are generally given "1" priorities and installation is recommended within 72 hours due to the high likelihood that the flaw would be targeted in the wild for remote code execution.

The hotfix patch can be downloaded through Adobe's security page. ®

More about

TIP US OFF

Send us news


Other stories you might like