Adobe Releases Tweaked Security Fix For ColdFusion

Although there may have been a little bit of confusion the first time around, a security fix released by Adobe is now completely ready to make ColdFusion users safer.  Adobe has resolved one small problem with the fix and all users would do well to apply the update at this point.

A little background information: as explained by a security bulletin, “Important vulnerabilities have been identified in ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX.  The vulnerabilities could lead to cross-site scripting and information disclosure.”

It turned out that some sort of naming conflict cropped up when a fix was applied with Cumulative Hot Fix 4 for ColdFusion 8.0.1, though, which was unfortunate.

But a technote explained the problem and the solution, stating, “Vulnerability CVE-2010-1294, included in this security fix, now prevents unauthorized access to datasources via the Service Factory.  This may have caused issues with certain frameworks/applications that were accessing datasources without proper authentication.  The fix has been updated to correct these issues by allowing unauthenticated access to only the datasource connection.  Details of the datasource are only allowed with authenticated access.”

Granted, goofs like this aren’t exactly confidence-inspiring, and it’s hard to imagine that some ColdFusion users wouldn’t be happier if the security fix hadn’t proven necessary in the first place.  Still, the rapid application development platform is at least more secure for everyone now, and by releasing the fix, Adobe showed that it hasn’t forgotten about ColdFusion.

Doug Caverly
About Doug Caverly
Doug is a staff writer for WebProNews. Visit WebProNews for the latest eBusiness news.

One thought on “Adobe Releases Tweaked Security Fix For ColdFusion

  1. Adobe hasn’t forgotten CF? They just released a complete IDE for CF – announced details of CF901 – talked about CF10…. just released a security whitepaper for the server… how much more would they need to do to convince you they still think about it?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>