ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, ColdFusion 9.0, ColdFusion 8.0.1, and ColdFusion 8 are affected with vulnerabilities mentioned in the security bulletin APSB12-21. This article provides fixes for the security issues mentioned in the bulletin along with installation instructions.
In the following procedures, {ColdFusion-Home} indicates the following:
Note: CFIDE.zip and WEB-INF.zip included in the hot fix contain only part of the CFIDE and WEB-INF files. Do not rename present CFIDE and WEB-INF folders, as per the instructions.
Use these instructions if you have previously applied Security Hotfix APSB12-15.
Use these instructions if you have not applied Security Hotfix APSB12-15.
If you have not applied ColdFusion 10 Mandatory Update, then please apply it first in order to apply ColdFusion 10 Update 2.
Follow the instructions in the security bulletin APSB11-15 to apply the fix.
If you installed the hot fix for ColdFusion 9 or 8, and then upgraded to ColdFusion 9.0.1 or 8.0.1, respectively, apply the security hot fix for the update.
Note:
For previous ColdFusion Security hot fixes, see the Security bulletins and advisories page.
This is last security fix for ColdFusion 8 and ColdFusion 8.0.1. For more information, visit: End of Core Support.
Sign in to your account