Tuesday, June 12, 2012

Security Hot-Fix released for ColdFusion - June 2012

Today, a priority 2 update is released, addressing an important vulnerability in ColdFusion 9.0.1 and earlier. Adobe recommends to update the ColdFusion servers. Here is the link for security bulletin

This hot-fix addresses HTTP response splitting vulnerability in ColdFusion component browser - CVE-2012-2041

The details can be found at tech-note here.

Note: This issue does not affect ColdFusion 9.0.2 and 10


  1. Hi Shilpi,

    I have a question. Is there a log for security violations, especially after applying hotfixes?
    I believe those hotfixes come with new settings and parameters.

    I found some problems in app, yet find it difficult to find which new CF settings to tune.


  2. Hi Paulus,

    For XSS related fixes there are some logs which go to server.log and esapiconfig.log for any violation. However can you share some details of the kind of problem you are facing?



You can subscribe to the comments by licking on "Subscribe by email".