Monthly Archives: September 2019

Update ColdFusion now! Emergency patch for critical flaws – Naked Security

Adobe has rushed out fixes for three vulnerabilities in its ColdFusion web development platform, two of which have been given the top billing of ‘critical’. The flaws affect ColdFusion 2018 version 4 and earlier, and ColdFusion 2016 version 11 and earlier. The first critical flaw is CVE-2019-8073, and is described as allowing “command injection via vulnerable component” leading to arbitrary code execution (ACE). The second critical flaw is CVE-2019-8074, a path traversal vulnerability allowing an access control bypass. The final vulnerability, rated ‘important’, is CVE-2019-8072, a security bypass leading to information disclosure. Because this is an ‘out of band’ update – a polite way of saying it’s unexpected and urgent – Adobe offers only… Source link

Read More »

Adobe issues emergency patch for critical ColdFusion vulnerabilities

Charlie Osborne 25 September 2019 at 13:43 UTC Updated: 08 October 2019 at 13:48 UTC Users are being urged to update their builds to resolve three serious security flaws Adobe has released an out-of-band patch to quickly resolve a trio of security vulnerabilities in ColdFusion, two of which are deemed critical. Adobe said in a security advisory that ColdFusion 2016 and 2018 on all platforms are affected. The web application development platform’s emergency patch, released on Tuesday (September 24), addresses potential malicious code execution, access control bypass, and data leaks. The first vulnerability, and arguably the most dangerous, is CVE-2019-8073. The critical security flaw is a… Source link

Read More »

Adobe Unscheduled Update Fixes Critical ColdFusion Flaws – Threatpost

Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of ColdFusion. Adobe has issued an unscheduled security update that fixes two critical flaws in its ColdFusion product. The critical vulnerabilities could enable an attacker to either execute arbitrary code or bypass access control on impacted systems. Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of the ColdFusion commercial rapid web-application development platform. “Adobe recommends users update their product installations to the latest versions using the instructions… Source link

Read More »