
Vulnerabilities in Adobe ColdFusion
Company Adobe released a security update for its scripting language ColdFusion.
According to the message of developers, at the time of emergence of updatings the corrected vulnerabilities actively were operated by malicious software in such versions of the program, as 10, 9.0.2, 9.0.1 and 9 for the Windows, Mac OS X and UNIX operating systems.
Let’s remind, earlier the company already reported that these gaps allow the removed malefactor to bypass the authentication mechanism, to get access to the protected directories, and also complete control over system. All eliminated Adobe of vulnerability contain in ColdFusion of versions 9.x. Thus two gaps are present also at version 10 ColdFusion.
Developers company recommends users install the security update as soon as possible. To this end, the company has published instructions on set of updates that as a result of disconnected RDS service (default).
More information about the vulnerability description here.
Hotfix available for ColdFusion: http://www.adobe.com/support/security/bulletins/apsb13-03.html