Adobe releases several ColdFusion hotfixes

by Derek Kortepeter
Sept. 1, 2017, TechGenix

Adobe products, especially Flash and Reader, tend to need frequent patches. It would be a mistake, however, to suggest that these products are the only concern. As the recent hotfixes released for ColdFusion, Adobe’s rapid web application development platform, show, there are always other vulnerabilities to be concerned with. The hotfixes in question address, per Adobe’s security bulletin, “an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008)” as well as an issue in Apache BlazeDS that causes “Java deserialization (CVE-2017-3066).”

The vulnerability (CVE-2017-3008) is a fairly straightforward threat. XSS attacks are a popular tool among hackers because they allow malicious code to be accepted as legitimate by an application. As the Open Web Application Security Project (OWASP) states, the reflected variation of XSS attacks allows attackers “to install key loggers, steal victim cookies, perform clipboard theft, and c...

negrii_irina88 7 months, 3 weeks ago

I didn't know about it. This is new information for me and I am glad that I have managed to read it.