Network Security, Patch/Configuration Management, Vulnerability Management

Hot & Cold: Adobe apples hotfixes to ColdFusion to help prevent XSS exploit

April 27, 2017

Adobe Systems on Tuesday issued a series of hotfixes that addresses an input validation flaw in multiple versions of its ColdFusion web application development platform. The software developer also resolved a java deserialization error in its Apache BlazeDS Java remoting and web messaging technology.

According to an Adobe security bulletin, the vulnerability in ColdFusion, officially designated CVE-2017-3008, could be potentially exploited across all platforms in reflected cross-site scripting attacks. The bug is found in ColdFusion's 2016 release (Update 3 and earlier), as well as versions 11 (Update 11 and earlier) and 10 (Update 22 and earlier).

Adobe has credited "Lion" with discovering the ColdFusion vulnerability and Moritz Bechler with reporting the Apache BlazeDS vulnerability (designated CVE-2017-3066).

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Red glowing word cyberattack on a black wall surrounded by green random letters cybersecurity concept 3D illustration

Network Security

Cyberattack defers Japan Airlines flights

SC StaffDecember 26, 2024

Japan Airlines, the country's flag carrier, had over 20 domestic flights and some international trips delayed following a cyberattack, which also impacted ticket purchases and luggage services, Kyodo News reports.

Network Security

Novel BellaCiao malware variant launched by Charming Kitten

SC StaffDecember 26, 2024

Attacks with an updated C++ variant of the BellaCiao dropper malware dubbed "BellaCPP" have been deployed by Iranian state-backed threat operation Charming Kitten — also known as APT35, CharmingCypress, CALANQUE, Mind Sandstorm, TA453, Newscaster, and Yellow Garuda — to facilitate further payload delivery, according to The Hacker News.

Network Security

SnapAttack to be acquired by Cisco

SC StaffDecember 20, 2024

Cisco has disclosed plans to purchase Virginia-based threat detection and defense firm SnapAttack as part of its efforts to bolster threat-informed defenses across enterprises..

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Hot & Cold: Adobe apples hotfixes to ColdFusion to help prevent XSS exploit

An In-Depth Guide to Network Security

Related

Cyberattack defers Japan Airlines flights

Novel BellaCiao malware variant launched by Charming Kitten

SnapAttack to be acquired by Cisco

Related Events

Building Modern Network security: Forecast and guidance: Late 2024, early 2025

The Security Experts Next Door: Enterprise Defense on a Lean Budget

Network security: New tools for an aging art

Get daily email updates