Feeds:
Posts
Comments

Archive for April 2nd, 2021

Adobe has reported a “critical” security issue with the latest versions of ColdFusion, although the page titled “Security updates available for Adobe ColdFusion | APSB21-16” currently does not give many details.

At work we’re still running ColdFusion 11, and that version is not mentioned in the report (probably because it is already out of support). Nevertheless I would to know whether CF11 is also concerned by this issue – if only to tell our IT security office that we have no problem with vulnerability CVE-2021-21087 in our configuration ;-)

The only information I have found so far is unofficial: if I understand things correctly, Dave Walker is telling us that the error is an unchecked input in the CFAJAX package:

Click the image to see the original tweet

The offending line…? (Source: Dave’s Twitter feed)

I would love to see confirmation of that, and I wonder: do earlier versions of ColdFusion already contain the same error?

Read Full Post »