The flaw can be used for DoS attacks that rely on hash algorithm collisions

Mar 14, 2012 09:28 GMT

Adobe identified a major security hole, ranked as priority 2, in the Windows, Mac, and UNIX versions of ColdFusion 9.0.1 and earlier variants.

To ensure that customers are not affected by the potential denial-of-service (DoS) attack that cybercriminals could launch by relying on this flaw, a hotfix has been released. Such an attack can be initiated by using a hash algorithm collision.

The hotfix provided by Adobe mitigates the effects of this issue, which is rated important in severity, so ColdFusion customers are advised to update their products immediately.

Priority 2 issues refer to vulnerabilities that are not currently exploited in the wild, but which have been cataloged in the past as being high risk.

The company also provides detailed instructions on how the hotfix can be applied for different software versions.

ColdFusion Security Hotfix APSB12-06 is available here.