Careful applying CF11u16, CF2016u8, CF2018u2

coldfusion Update: Adobe has released CF11 Update 17 and ColdFusion 2016 Update 9 to address problems outlined in this blog entry.

Adobe released new security updates and bug fixes for ColdFusion 11, 2016 and 2018 this week.

This entry was:

Setup ColdFusion 9.0.1 Fully Patched

coldfusion Adobe this week released a security hotfix for the HashDos vulnerability for ColdFusion versions 8.0 through 9.0.1. Today I was setting up a new secure ColdFusion instance for a client, and I though I'd document the steps needed to go from ColdFusion 9.0 to ColdFusion 9.0.

This entry was:

HackMyCF Updated for APSB11-29 Security Hotfix

coldfusion Adobe released a security hotfix APSB11-29 for ColdFusion 8 and 9 on Tuesday, which fixes two XSS (Cross Site Scripting) vulnerabilities (CVE-2011-2463 and CVE-2011-4368). One vulnerability exists in cfform and the other in RDS.

This entry was:

Recent ColdFusion Security Hotfix Updated Today

coldfusion Adobe has updated the security hotfix that was released last month (February 2011) APSB11-04. The technote states that all users should re-apply the hotfix:

Adobe has received a few issues with the Security Hot fix released on February 8, 2011.

This entry was:

Path Traversal Vulnerability Security Hotfix for ColdFusion Released

coldfusion Adobe released a security hotfix for a path traversal vulnerability in ColdFusion administrator (CVE-2010-2861, APSB10-18). On the Adobe security bulletin page it lists affected software versions: ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX.

This entry was:

ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only

coldfusion There has been some confusion over the ColdFusion web server connector (wsconfig.jar) hotfix CVE-2009-1876 which is part of Adobe Security Bulletin APSB09-12.

Whether or not this hotfix is required on IIS has been a question posed by many.

This entry was:

ColdFusion Security Hotfixes Released

coldfusion Adobe posted several critical hotfixes for ColdFusion and JRun yesterday in Security Bulletin APSB09-12.

I discovered one of the XSS vulnerabilities, and I will post details about it soon. In the mean time, please patch your servers.

This entry was:


did you hack my cf?