Matt Gifford aka coldfumonkeh | Consultant Developer
View Github Profile

ColdFusion Security Hotfix

Nov 13, 2013

Yesterday (12th November 2013) a new hotfix was released with security updates applicable to ColdFusion versions 10, 9.0.2, 9.0.1 and 9 for Windows, Mac and Linux.

To quote the official bulletin, "this hotfix addresses a reflected cross site scripting vulnerability that could be exploited by a remote, authenticated user on ColdFusion 10 and earlier when the CFIDE directory is exposed. "

If your ColdFusion 10 server is behind a firewall or you are unable to access / use the automatic update feature there are instructions on how to implement the update manually here: . Look for the section titled "What can be done if the ColdFusion server is behind the firewall and can't access the Adobe's Update site URL?"

I would also strongly recommend reading the ColdFusion server lockdown guides:

Latest Blog Posts

Jul 16, 2020
Github Actions with CommandBox and TestBox
Read More
Jul 9, 2020
Azure pipelines with CommandBox and TestBox
Read More
Dec 23, 2019
CFML content moderation detection component library
Read More