Network Security, Patch/Configuration Management, Vulnerability Management

Hot & Cold: Adobe apples hotfixes to ColdFusion to help prevent XSS exploit


Adobe Systems on Tuesday issued a series of hotfixes that addresses an input validation flaw in multiple versions of its ColdFusion web application development platform. The software developer also resolved a java deserialization error in its Apache BlazeDS Java remoting and web messaging technology.

According to an Adobe security bulletin, the vulnerability in ColdFusion, officially designated CVE-2017-3008, could be potentially exploited across all platforms in reflected cross-site scripting attacks. The bug is found in ColdFusion's 2016 release (Update 3 and earlier), as well as versions 11 (Update 11 and earlier) and 10 (Update 22 and earlier).

Adobe has credited "Lion" with discovering the ColdFusion vulnerability and Moritz Bechler with reporting the Apache BlazeDS vulnerability (designated CVE-2017-3066).

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.