A vulnerability has been identified that could allow an attacker to execute cross-site scripts by intercepting ColdFusion requests and modifying CGI variables.
You do not need to retain the ColdFusion MX 7 hot fix JAR file after installing it with the ColdFusion MX Administrator. This process copies the file to the correct location.
The ColdFusion MX 7 hot fix JAR file will appear as a new entry on the System Information page.
You can uninstall ColdFusion hot fix JAR files by stopping the ColdFusion MX 7 Application Server service and deleting the respective JAR file from cf_root/lib/updates.
- "ColdFusion hot fixes (MX 7 and higher)"(TechNote tn_17833)