Until the issue is addressed, users can apply a workaround

May 9, 2013 11:54 GMT

A security advisory released by Adobe on Wednesday reveals that a critical vulnerability has been identified in ColdFusion. The flaw can be exploited by an unauthorized user to remotely retrieve files stored on a server.

ColdFusion 10, 9.0.2, 9.0.1, 9.0 and earlier versions for Windows, Macintosh and Linux are impacted.

Adobe warns that an exploit for the issue has already been seen in the wild.

An update for the security hole is expected to be released on May 14. In the meantime, users can protect themselves against attacks by restricting public access to the following directories: CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted.
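
As an added example (not from Adobe's advisory or the original article), this Python sketch audits web server access logs for requests to the three directories from outside trusted networks, which helps confirm that the restriction is actually in effect. The log format, the trusted address ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Directories the article says to close to the public (lower-cased for matching).
RESTRICTED = ("/cfide/administrator", "/cfide/adminapi", "/cfide/gettingstarted")
# Assumption: networks that may legitimately reach these paths; adjust per site.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
# Assumption: logs are in Apache/NGINX common or combined format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_restricted(path):
    """True if the request path is one of the restricted directories or below it."""
    # Drop the query string, decode %xx escapes, compare case-insensitively.
    path = unquote(path.split("?", 1)[0]).lower()
    path = re.sub(r"/+", "/", path)  # collapse doubled slashes
    return any(path == d or path.startswith(d + "/") for d in RESTRICTED)

def trusted(client):
    """True if the client address falls inside a trusted network."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # logged hostname instead of an IP: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def external_hits(lines):
    """Return (client, method, path, status) for untrusted requests to restricted paths."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, method, path, status = m.groups()
        if not trusted(client) and is_restricted(path):
            hits.append((client, method, path, int(status)))
    return hits

def exposed(hits):
    """Hits the server did not refuse (status other than 401, 403 or 404)."""
    return [h for h in hits if h[3] not in (401, 403, 404)]

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [09/May/2013:10:01:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '10.1.2.3 - - [09/May/2013:10:02:00 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.9 - - [09/May/2013:10:03:10 +0000] "POST /CFIDE/adminapi/ HTTP/1.1" 403 210',
    '198.51.100.9 - - [09/May/2013:10:03:11 +0000] "GET /index.cfm HTTP/1.1" 200 900',
    '203.0.113.7 - - [09/May/2013:10:04:00 +0000] "GET /cfide/%67ettingstarted/ HTTP/1.1" 200 300',
]
```

Any entry returned by `exposed(external_hits(...))` means an outside client received a response from a directory that should have been blocked.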

ColdFusion vulnerabilities are often exploited by cybercriminals to breach companies. The Linode hack also relied on a recently patched ColdFusion security hole.

In addition to this ColdFusion update, on May 14, Adobe will also patch a tracking bug in Reader and Acrobat.