Adobe
Sign in Privacy My Adobe

Cross-site scripting vulnerability in some CGI variables (ColdFusion MX 7)

Adobe Community Help


Products Affected

Contact support

Issue

A vulnerability has been identified that could allow an attacker to execute cross-site scripts by intercepting ColdFusion requests and modifying CGI variables.

Solution

  1. Download and unzip the hot fix. (3K)
  2. Open the ColdFusion MX Administrator and select the System Information page. Next to the Update File box, either:


    • Type in the file path, and then click Submit.



      OR



    • Click the Browse button, and then browse to the file you downloaded in step 1. Select the file, and then click Apply.
  3. Restart ColdFusion MX.

You do not need to retain the ColdFusion MX 7 hot fix JAR file after installing it with the ColdFusion MX Administrator. This process copies the file to the correct location.

The ColdFusion MX 7 hot fix JAR file will appear as a new entry on the System Information page.

You can uninstall ColdFusion hot fix JAR files by stopping the ColdFusion MX 7 Application Server service and deleting the respective JAR file from cf_root/lib/updates.

Additional Information

  • "ColdFusion hot fixes (MX 7 and higher)"(TechNote tn_17833)
Keywords: kb403212

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy

Products

Download

Support & Learning

Buy

Company

Choose your region

Copyright © 2013 Adobe Systems Incorporated. All rights reserved.

Terms of Use | Privacy | Cookies

Reviewed by TRUSTe: site privacy statement