ColdFusion 11, ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, and ColdFusion 9.0 are affected with the vulnerabilities mentioned in the security bulletin APSB14-23. This article provides fixes for the security issue mentioned in the bulletin, along with the installation instructions.
In ColdFusion 11, use the hot fix installer to apply this update (ColdFusion 11 Update 2). The ColdFusion 11 Update 2 is a cumulative update. That is, it includes all the bug fixes from the previous update of ColdFusion 11. This update addresses a security fix. For more details, see this article.
In ColdFusion 10, use the hot fix installer to apply this update (ColdFusion 10 Update 14). The ColdFusion 10 Update 14 is a cumulative update. That is, it includes all the bug fixes from the previous updates of ColdFusion 10. This update addresses few security fixes in addition to several other bug fixes. For more details, see this article.
If you have not applied the ColdFusion 10 Mandatory Update, then apply it first before applying this update. This step is not required if you have ColdFusion 10 Update 8 or later.
If you have applied the previous security hot fix APSB13-27, see Section 1. If you have not applied the previous security hot fix APSB13-27, see Section 2.
Follow the instructions that apply to your version of ColdFusion. Do not apply these fixes to any beta or prerelease version of ColdFusion.
Important Note: Adobe has released few hot fixes for ColdFusion 9.X.X separately. These hot fixes address certain security vulnerabilities and are not part of any other cumulative or security hot fix. Users should apply these hot fixes separately. For more details, see the Additional hot fixes section.
In the following deployment options, {ColdFusion-Home} indicates the following:
Use the following instructions if you have previously applied security hot fix APSB13-27.
Use these instructions if you have not applied security hot fix APSB13-27.
Follow the instructions in the security bulletin APSB11-15 to apply the fix.
Follow the instructions in the security bulletin APSB13-19 to apply the fix.
If you have installed the hot fix for ColdFusion 9, and upgraded to ColdFusion 9.0.1, then apply the security hot fix for the update.
For previous ColdFusion security hot fixes, see the Security bulletins and advisories page.
Sign in to your account