Welcome!

Adobe Flex Authors: Matthew Lobas, PR.com Newswire, Shelly Palmer, Kevin Benedict

Related Topics: ColdFusion

ColdFusion: Article

Hotfixes Now Available for ColdFusion and JRun

Adobe patches critical vulnerabilities in ColdFusion v8.0.1 (and earlier versions) and JRun 4.0.

Critical vulnerabilities have been identified in ColdFusion v8.0.1 and earlier versions, and JRun 4.0. Adobe has now patched them with a Security Update released on August 17, 2009.

Here are the details, direct from Adobe's own Security Bulletin:

"Summary

Critical vulnerabilities have been identified in ColdFusion v8.0.1 and earlier versions, and JRun 4.0. These vulnerabilities could lead to the potential compromise of user accounts or the affected system.

Affected software versions

ColdFusion 8.0.1 and earlier versions
JRun 4.0

Solution

Adobe recommends affected ColdFusion and JRun customers update their installations using the links in the Details section below.

Severity rating

Adobe categorizes these as critical issues and recommends affected users patch their installations.

Details

Critical vulnerabilities have been identified in ColdFusion v8.0.1 and earlier versions, and JRun 4.0. These vulnerabilities could lead to the potential compromise of user accounts or the affected system.

An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1872).

An update for ColdFusion resolves a cross-site scripting vulnerability that could potentially lead to code execution (CVE-2009-1877).

ColdFusion users can find the appropriate links to fix CVE-2009-1872 and CVE-2009-1877 here:
Installation instructions for CVE-2009-1872 and CVE-2009-1877
CVE-2009-1872 and CVE-2009-1877 Hotfix for ColdFusion 7.0.2
CVE-2009-1872 and CVE-2009-1877 Hotfix for ColdFusion 8
CVE-2009-1872 and CVE-2009-1877 Hotfix for ColdFusion 8.0.1

An update for JRun resolves a management console directory traversal vulnerability that could potentially lead to information disclosure (CVE-2009-1873).

An update for JRun resolves multiple management console cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1874).

JRun users can find the appropriate links to fix CVE-2009-1873 and CVE-2009-1874 here:
Installation instructions for CVE-2009-1873 and CVE-2009-1874
CVE-2009-1873 and CVE-2009-1874 Hotfix for JRun 4.0

An update for ColdFusion resolves multiple cross-site scripting vulnerabilities that could potentially lead to code execution (CVE-2009-1875).

ColdFusion users can find the appropriate links to fix CVE-2009-1875 here:
Installation instructions for CVE-2009-1875
CVE-2009-1875 Hotfix for ColdFusion 7.0.2, and hf702-1875.jar Hotfix for ColdFusion 7.0.2
CVE-2009-1875 Hotfix for ColdFusion 8, and hf800-1875.jar Hotfix for ColdFusion 8
CVE-2009-1875 Hotfix for ColdFusion 8.0.1, and hf801-1875.jar Hotfix for ColdFusion 8.0.1

An update for ColdFusion resolves a double-encoded null character vulnerability that could potentially lead to information disclosure (CVE-2009-1876).

ColdFusion users can find the appropriate links to fix CVE-2009-1876 here:
Installation instructions for CVE-2009-1876
CVE-2009-1876 Hotfix for ColdFusion

An update for ColdFusion resolves a session fixation vulnerability that could potentially lead to privilege escalation (CVE-2009-1878).

ColdFusion users can find the appropriate links to fix CVE-2009-1878 here:
Installation instructions for CVE-2009-1878
CVE-2009-1878 hf702-1878.jar Hotfix for ColdFusion 7.0.2
CVE-2009-1878 hf800-1878.jar Hotfix for ColdFusion 8
CVE-2009-1878 hf801-1878.jar Hotfix for ColdFusion 8.0.1

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers’ security.

More Stories By ColdFusion News Desk

CFDJ News Desk monitors the world of ColdFusion to present developers with updates on technology advances, new features and performance enhancements concerning ColdFusion, business trends, ColdFusion-related products, standards discussions, and industry commentary.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...
DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the 22nd International CloudEXPO | DXWorldEXPO "Early Bird Registration" is now open. Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
I think DevOps is now a rambunctious teenager - it's starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, introduced two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a multip...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.