MA-189.082009: MyCERT Alert - Multiple Critical Vulnerabilities in Adobe ColdFusion and Adobe JRun

1.0 Introduction

Multiple critical vulnerabilities have been identified in Adobe ColdFusion and Adobe JRun. The vulnerabilities are as follows:

- Adobe ColdFusion - Cross-site scripting vulnerability
- Adobe JRun - Management console directory traversal vulnerability
- Adobe JRun - Multiple management console cross-site scripting vulnerabilities
- Adobe ColdFusion - Multiple cross-site scripting vulnerabilities
- Adobe ColdFusion - Double-encoded null character vulnerability
- Adobe ColdFusion - Session fixation vulnerability

2.0 Impact

By exploiting these vulnerabilities, an attacker could potentially obtain sensitive information, execute arbitrary code in the browser of an unsuspecting user in the context of the affected site, or control how the site is rendered to the user. In certain situations, it may also be possible for an attacker to execute arbitrary code on the affected server.

3.0 Affected Products

Below is the detailed list of vulnerable products and versions:

- ColdFusion 8.0.1 and earlier versions
- JRun 4.0

4.0 Recommendation

MyCERT recommends that users of these applications upgrade to the latest version or apply the hotfix based on the installed application and version.

- For Adobe ColdFusion 7.0.2
- For Adobe ColdFusion 8
- For Adobe ColdFusion 8.0.1
- For Adobe JRun 4.0

You can find more information by visiting Adobe Security Bulletin at the following URL:

MyCERT would also like to advise the users of these applications to stay up to date with the latest security announcements by the vendor.

MyCERT can be reached through the following channels:

E-mail: cyber999@cybersecurity.my or mycert@mycert.org.my
Phone: +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Handphone: +60 19 2665850 (24x7 call incident reporting)
SMS: +60 19 2813801 (24x7 SMS reporting)
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

5.0 References