Adobe updates ColdFusion, JRun, Flex

Article

Adobe updates ColdFusion, JRun, Flex

Adobe Systems Inc. has released critical patches repairing eight flaws in versions 8.0.1 and earlier of ColdFusion, JRun 4.0 and Flex 3.3 SDK.

ColdFusion and JRun are web development applications that include application servers used to develop and test applications. Adobe said in the update issued Tuesday that attackers could exploit the

    Requires Free Membership to View

    Login

    SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

ColdFusion and JRun vulnerabilities to steal sensitive data or take complete control of a victim's machine.

The most serious flaws are cross-site scripting (XSS) vulnerabilities, which allow attackers to execute malicious code on an underlying system by passing a malicious URL. The update repairs two XSS flaws in ColdFusion and two such flaws in JRun. The update to Flex also resolved an XSS vulnerability within the express-install templates for the Flex SDK. The fix was issued Wednesday.

Adobe said it is not currently aware of any exploits in the wild for the security vulnerabilities fixed in the applications.