PROBLEM:
Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service
PLATFORM:
ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
ABSTRACT:
Adobe ColdFusion is prone to a remote denial-of-service vulnerability.
reference LINKS:
Adobe Security bulletins and advisories
Adobe Vulnerability identifier: APSB12-21
SecurityTracker Alert ID: 1027516
Bugtraq ID: 55499
CVE-2012-2048
IMPACT ASSESSMENT:
Medium
Discussion:
Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which could result in a Denial of Service condition. Adobe recommends users update their product installation.
Impact:
Attackers can exploit this issue to cause the affected application to crash. Arbitrary code execution may be possible; this has not been confirmed.
Solution:
Adobe recommends ColdFusion customers update their installation.