Note: This technote and the attachments were updated on 05/21/2010. Review this technote again.
An issue when this security fix was applied with Cumulative Hot Fix 4 for ColdFusion 8.0.1 has been identified and resolved. A naming conflict caused this issue.
Vulnerability CVE-2010-1294, included in this security fix, now prevents unauthorized access to datasources via the Service Factory. This vulnerability possibly caused issues with certain frameworks/applications that were accessing datasources without proper authentication. The fix has been updated to correct these issues by allowing unauthenticated access to only the datasource connection. Details of the datasource are only allowed with authenticated access.
ColdFusion 9.0, 8.0.1 and 8.0 are affected with the issue mentioned in the security bulletin APSB10-11. This technote provides fixes for the security issues along with the installation instructions.