
Title

Cross-site scripting vulnerability in some CGI variables (ColdFusion MX 7)

Issue

A vulnerability has been identified that could allow an attacker to perform cross-site scripting by intercepting ColdFusion requests and modifying CGI variables.

Solution

  1. Download and unzip the hot fix. (3K)
  2. Open the ColdFusion MX Administrator and select the System Information page. Next to the Update File box, either:

    • Type in the file path, and then click Submit.

      OR

    • Click the Browse button, and then browse to the file you downloaded in step 1. Select the file, and then click Apply.
  3. Restart ColdFusion MX.

You do not need to retain the ColdFusion MX 7 hot fix JAR file after installing it with the ColdFusion MX Administrator. This process copies the file to the correct location.

The ColdFusion MX 7 hot fix JAR file will appear as a new entry on the System Information page.

You can uninstall ColdFusion hot fix JAR files by stopping the ColdFusion MX 7 Application Server service and deleting the respective JAR file from cf_root/lib/updates.

Additional Information

  • "ColdFusion hot fixes (MX 7 and higher)" (TechNote tn_17833)

Doc ID
(kb403212)

Last updated
2008-03-11
