Today, a priority 2 update was released, addressing an important vulnerability in ColdFusion 9.0.1 and earlier. Adobe recommends updating ColdFusion servers. Here is the link to the security bulletin.
This hot-fix addresses an HTTP response splitting vulnerability in the ColdFusion component browser (CVE-2012-2041).
The details can be found in the tech note here.
Note: This issue does not affect ColdFusion 9.0.2 and 10.
 
 
Hi Shilpi,
I have a question. Is there a log for security violations, especially after applying hotfixes?
I believe those hotfixes come with new settings and parameters.
I found some problems in the app, yet find it difficult to find which new CF settings to tune.
Thanks
Hi Paulus,
For XSS-related fixes, there are some logs which go to server.log and esapiconfig.log for any violation. However, can you share some details of the kind of problem you are facing?
Thanks!