Cross-site scripting vulnerability in some CGI variables (ColdFusion MX 7)
Issue
A vulnerability has been identified that could allow an attacker to carry out cross-site scripting (XSS) by intercepting ColdFusion requests and modifying CGI variables.
Solution
- Download and unzip the hot fix. (3K)
- Open the ColdFusion MX Administrator and select the System Information page. Next to the Update File box, either:
  - Type in the file path, and then click Submit.
  OR
  - Click the Browse button, and then browse to the file you downloaded in step 1. Select the file, and then click Apply.
- Restart ColdFusion MX.
You do not need to retain the ColdFusion MX 7 hot fix JAR file after installing it with the ColdFusion MX Administrator. This process copies the file to the correct location.
The ColdFusion MX 7 hot fix JAR file will appear as a new entry on the System Information page.
You can uninstall ColdFusion hot fix JAR files by stopping the ColdFusion MX 7 Application Server service and deleting the respective JAR file from cf_root/lib/updates.
Additional Information
- "ColdFusion hot fixes (MX 7 and higher)" (TechNote tn_17833)
