Release date: 2011-12-13
Updated on: 2011-12-14
Affected Systems:
Adobe ColdFusion 9.0.1
Adobe ColdFusion 9.0
Adobe ColdFusion 8.0.1
Adobe ColdFusion 8.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 51043
CVE ID: CVE-2011-4368
Adobe ColdFusion is a dynamic Web server.
Adobe ColdFusion has a cross-site scripting vulnerability in its implementation of RDS. Attackers can exploit this vulnerability to execute arbitrary script code on affected sites and steal cookie authentication credentials.
<* Source: Oren Hafif (ofer.maor@owasp.org)
Ernst & Young
Link: http://www.adobe.com/support/security/bulletins/apsb11-29.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Adobe
-----
Adobe has released a security bulletin (APSB11-29) and patches for this issue:
APSB11-29: Security update: Hotfix available for ColdFusion
Link: http://www.adobe.com/support/security/bulletins/apsb11-29.html