You are here

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service

September 12, 2012 - 6:00am

Addthis

PROBLEM:

Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service

PLATFORM:

ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX

ABSTRACT:

Adobe ColdFusion is prone to a remote denial-of-service vulnerability.

reference LINKS:

Adobe Security bulletins and advisories
Adobe Vulnerability identifier: APSB12-21
SecurityTracker Alert ID:  1027516
Bugtraq ID:  55499 
CVE-2012-2048

IMPACT ASSESSMENT:

Medium

Discussion:

Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which could result in a Denial of Service condition. Adobe recommends users update their product installation.

Impact:

Attackers can exploit this issue to cause the affected application to crash. Arbitrary code execution may be possible; this has not been confirmed.

Solution:

Adobe recommends ColdFusion customers update their installation.

Addthis