ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, and ColdFusion 9.0 are affected with the vulnerabilities mentioned in the security bulletin APSB13-19. This article (release date, July 9 2013) provides fixes for the security issues mentioned in the bulletin, along with the installation instructions.

Solution

ColdFusion 10

In ColdFusion 10, use the hot fix installer to apply this update (ColdFusion 10 Update 11). ColdFusion 10 Update 11 is a cumulative update. That is, it includes all the bug fixes from the previous updates of ColdFusion 10. This update addresses an important security fix in addition to several other bug fixes. For more details, see this article.

Important note

If you have not applied the ColdFusion 10 Mandatory Update, then apply it before applying this update. This step is not required if ColdFusion 10 build number is greater than 282462.

ColdFusion 9.0.x

Installation   

1. Download 3329722.zip.
   
2. Extract the JAR file and copy it to {ColdFusion-Home}/runtime/servers/lib (for stand-alone installation) and {JRun-Home}/servers/lib (for Multiserver and J2EE installations).
3. Restart the ColdFusion/JRun instance.

Uninstallation

1. Remove jrun-hotfix-3329722.jar file from the {ColdFusion-Home}/runtime/servers/lib (for stand-alone installation) and {JRun-Home}/servers/lib (for Multiserver and J2EE installations).
2. Restart the ColdFusion/JRun service.

ColdFusion integrated/Installed with LCDS

Follow the instructions in the security bulletin APSB11-15 to apply the fix.