Hotfixes for ColdFusion and JRun

Adobe Systems has released updates covering vulnerabilities in two applications widely used for web development. Some of the vulnerabilities allow an attacker to steal sensitive information or gain complete control over users' machines.

Seven patches relate to ColdFusion v8.0.1 and earlier versions, and to JRun 4.0. The most serious bug is a cross-site scripting flaw through which an attacker can execute malicious code on the victim's computer.

Other updates fix access to the management console. This hole allows an unauthorized user to bypass the restrictions on private directories. As of Tuesday there is an example of a link that can exploit this vulnerability, which looks approximately as follows:

http://[server]/server/[profile]/logging/logviewer.jsp?logfile=../../../../../../../boot.ini
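
A log-review check for the request pattern above, as an added example that is not from Adobe or the original post: it flags `logviewer.jsp` requests whose `logfile` value would resolve outside the directory it is joined to. The log lines, client addresses, dates and the `profile1` name are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (addresses, dates and profile name are made up).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2000:10:01:02 +0000] "GET /server/profile1/logging/logviewer.jsp?logfile=server.log HTTP/1.1" 200 5120
192.0.2.77 - - [01/Jan/2000:10:02:41 +0000] "GET /server/profile1/logging/logviewer.jsp?logfile=../../../../../../../boot.ini HTTP/1.1" 200 211
192.0.2.77 - - [01/Jan/2000:10:02:55 +0000] "GET /server/profile1/logging/logviewer.jsp?logfile=%2e%2e%5c%2e%2e%5cboot.ini HTTP/1.1" 404 0
192.0.2.10 - - [01/Jan/2000:10:04:00 +0000] "GET /index.cfm?page=news HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_log_dir(value):
    """True if the value, joined to a log directory, would resolve outside it."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True  # absolute path or Windows drive letter
    normalized = posixpath.normpath(path)
    return normalized == ".." or normalized.startswith("../")


def find_traversal(log_text):
    """Return (client, decoded logfile value, HTTP status) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/logging/logviewer.jsp"):
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() == "logfile" and escapes_log_dir(value):
                hits.append((client, fully_decode(value), int(status)))
    return hits
```

Calling `find_traversal(SAMPLE_LOG)` returns the two flagged requests; a 200 status on a hit means the server answered the request and the host should be checked for patch level and file disclosure.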

Three weeks ago, security specialists at Adobe also released a patch for a Flash Player bug that offered criminals a way to hack users' machines. Last month there was also a patch for a ColdFusion hole that offered attackers a way to compromise a large number of websites.

The company reported that it was unaware of any real exploit in existence and released a security bulletin on this bug.
