Security holes allow gaining unauthorized server control
Adobe rolled out a security hotfix that addresses critical vulnerabilities in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Mac and Unix.The security holes could allow unauthorized individuals to bypass authentication mechanisms and thus gain control of the server.
The company is aware that the weak points in the web application development platform are currently being exploited in the wild against ColdFusion customers and recommends applying the latest update.
With the current hotfix, Adobe eliminates a total of four vulnerabilities that permit an unauthorized user access to restricted directories, information disclosure from a compromised server and unauthorized and gaining administrative access.
Adobe labeled this patch with priority rating 1, which carries the recommendation to be installed within 72 hours since the exploitation of the vulnerabilities has been spotted in the wild.
Complete steps for applying the patch for all affected ColdFusion versions are available on this page.