ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, and ColdFusion 9.0 are affected with the vulnerabilities mentioned in the security bulletin APSB13-19. This article (release date, July 9 2013) provides fixes for the security issues mentioned in the bulletin, along with the installation instructions.
In ColdFusion 10, use the hot fix installer to apply this update (ColdFusion 10 Update 11). ColdFusion 10 Update 11 is a cumulative update. That is, it includes all the bug fixes from the previous updates of ColdFusion 10. This update addresses an important security fix in addition to several other bug fixes. For more details, see this article.
If you have not applied the ColdFusion 10 Mandatory Update, then apply it before applying this update. This step is not required if ColdFusion 10 build number is greater than 282462.
This security hot fix is valid only for ColdFusion versions 9.0, 9.0.1 and 9.0.2 deployed on JRun.
Follow the instructions in the security bulletin APSB11-15 to apply the fix.
For previous ColdFusion security hot fixes, see the Security bulletins and advisories page.