Tuesday, December 13, 2011

New Security hot-fix for ColdFusion

Today, an important security hot-fix was released for ColdFusion 9.0.1 and earlier. Adobe recommends updating ColdFusion servers. Here is the link to the security bulletin.

This hot-fix addresses the following issues:

1. XSS attack with cfform tag (CVE-2011-2463): When the action attribute is not specified for the cfform tag, an XSS attack is possible.

2. XSS attack with RDS (CVE-2011-4368)
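
To inventory templates that match the cfform condition in item 1 while the hot-fix is rolled out, the following audit script lists `<cfform>` tags that have no `action` attribute. It is an added example, not code from Adobe or from the original post. The function names, the sample template, and the choice to report an empty `action` like a missing one are assumptions.

```python
import re
from pathlib import Path

# One opening <cfform ...> tag; quoted values may contain '>' and newlines.
CFFORM_TAG = re.compile(r'<cfform\b((?:"[^"]*"|\'[^\']*\'|[^>"\'])*)>', re.I)
# CFML comments use three dashes; markup inside them is not rendered.
CFML_COMMENT = re.compile(r'<!---.*?--->', re.S)
# name=value pairs inside the tag (double-quoted, single-quoted or bare).
ATTR = re.compile(r'([\w:-]+)\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)')

def cfforms_without_action(source):
    """Return [(line, form_name)] for each <cfform> lacking an action attribute."""
    # Blank comments out but keep newlines so reported line numbers stay correct.
    text = CFML_COMMENT.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), source)
    findings = []
    for tag in CFFORM_TAG.finditer(text):
        attrs = {k.lower(): v.strip('"\'') for k, v in ATTR.findall(tag.group(1))}
        # Assumption: an empty action="" is reported the same as a missing one.
        if not attrs.get('action', '').strip():
            line = text.count('\n', 0, tag.start()) + 1
            findings.append((line, attrs.get('name', '(unnamed)')))
    return findings

def scan_tree(root):
    """Map each .cfm/.cfc file under root to its findings (clean files omitted)."""
    report = {}
    for path in sorted(Path(root).rglob('*.cf[mc]')):
        hits = cfforms_without_action(path.read_text(errors='replace'))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample template, not taken from a real application.
SAMPLE = '''<!--- constructed sample template --->
<cfform name="search" method="post">
  <cfinput type="text" name="q">
</cfform>
<cfform name="login" action="login.cfm" method="post"></cfform>
<!--- <cfform name="old"> --->
<CFFORM name="multi"
        onsubmit="return a > b"
        data-action="x">
</CFFORM>
'''

if __name__ == '__main__':
    for line, name in cfforms_without_action(SAMPLE):
        print(f'line {line}: cfform "{name}" has no action attribute')
```

Run `scan_tree()` against the web root to get a per-file list. The script only locates tags that match the condition; it does not test whether a given page is exploitable.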