ColdFusion HotFixes

coldfusionsecurity.org
For anyone who maintains their own ColdFusion 7 or 8 server, you should know that Adobe has just released updates to address recently discovered critical cross-site scripting vulnerabilities in ColdFusion and JRun servers. We have posted a summary of the new exploits and links at:
http://www.coldfusionsecurity.org/post.cfm/hotfixes-released-for-new-coldfusion-jrun-xss-exploits

You can get the Adobe Hotfixes from:
http://www.adobe.com/support/security/bulletins/apsb09-12.html

UPDATE: We have posted a guide that can be printed for applying these updates at:
http://www.coldfusionsecurity.org/post.cfm/help-applying-coldfusion-hotfixes-for-vulnerability-apsb09-12

Regards,
Mike G.

Last edited by coldfusionsecurity.org on Wed Aug 19, 2009 3:01 pm; edited 1 time in total

nathacof
Forum Admin
I made this thread sticky. Feel free to post future updates here as well!

tedjtw
Hi,
I downloaded the patch, a zip file, and looked inside. There is no .jar included, just a few _.cfm files and a new CFIDE folder. So how do you install? In admin I typed the path to the zip and ran the update. Got a message 'Server Updated'. Is that all? Thanks

coldfusionsecurity.org
@nathaniel thanks, hopefully it will be handy for anyone who might not get the security alerts from Adobe.
@tedjtw you need to download the .txt files (for every update) as well, as they contain the directions for applying each update. Some of these involve manually replacing .cfm files, while others are .jars which can be applied using the administrator.

tedjtw
Thanks for the info.
I suppose I should actually read what's on the Hot Fix page.

coldfusionsecurity.org
@ted no problem, a lot of server administrators are grumbling at the way this update was presented. We made it easier for ourselves by compiling a guide/checklist from all the Adobe instruction files (5 in total) and have released it to the public at:
http://www.coldfusionsecurity.org/post.cfm/help-applying-coldfusion-hotfixes-for-vulnerability-apsb09-12

tedjtw
Great, it's appreciated.

The Adobe instructions were pretty confusing. I ran 1872-1877 and 1875 last night. I see that 1873-1874, 1878 and 1876 need to be done too.

Just an FYI, I ran the updates on my test PC, a local copy of CF and IIS running on XP. One issue I found was in 1875: just copying the Application.cfm and index.cfm to CFIDE/Admin did not work. CF Admin could not find index.cfm, even though it was there. I finally opened the properties on the 2 .cfm files, went to Advanced, and unchecked the option of 'encrypt contents to secure data'. Now Admin found the files and ran OK.

I'm running all patches 1) first to PC, 2) then to Test Server, 3) Finally to clients production. What a Pain..............

Thanks again for all the help. Any other issues I find I will post here.