The Oracle security Alert CVE-2010-4476 affects ColdFusion versions 9.0.1, 9.0, 8.0.1, and 8.0.
Adobe recommends updating the Java (JDK/JRE) for all ColdFusion server versions as per Oracle’s Java update instructions. Information about the security vulnerability along with the fix is provided at the following link.
Note: Java version used by ColdFusion can be found in the ColdFusion Administrator settings pages.
For ColdFusion servers using 1.6.x java version, you can apply the fix by upgrading to latest 1.6.0_24 JDK or running the Floating point updater tool.
For ColdFusion servers using 1.5.x java version, you can apply the fix by running the Floating point updater tool.
ColdFusion versions 9.0.1, 9.0, 8.0.1, 8.0 are certified and supported with JDK 1.6.0_24.