ColdFusion: Security Bulletin APSB10-05Products affected
Issue
Note:This Technote description was updated on 02/18/2010. All ColdFusion users need to review this Technote again.
ColdFusion 9.0, 8.0.x and 7.0.2 are affected by the issue mentioned in security bulletin APSB10-05. This Technote provides fixes for the security issue as well as installation instructions.
Solution
Follow the instructions below to apply the fix to the different versions of ColdFusion.
Definition of ColdFusion-Lib
Server Install - {ColdFusion-Home}/lib
Multiserver - {JRun-Home}/servers/{YourServer}/cfusion-ear/cfusion-war/WEB-INF/cfusion/lib
J2EE Installs- cfusion-ear/cfusion-war/WEB-INF/cfusion/lib
ColdFusion 9
- Download the hotfix and extract the files.
- Stop the ColdFusion instance.
- Go to the {ColdFusion-Lib} directory and back up the flex-messaging-core.jar and flex-messaging-common.jar files.
- Copy the extracted files flex-messaging-core.jar and flex-messaging-common.jar to the {ColdFusion-Lib} directory.
- Restart the ColdFusion instance.
- Repeat Steps 2 – 5 if there are multiple instances of ColdFusion.
ColdFusion 8 and 8.0.1
- Download the hotfix and extract the files.
- Stop the ColdFusion instance.
- Go to the {ColdFusion-Lib} directory and back up the flex-messaging.jar and flex-messaging-common.jar files.
- Copy the extracted files flex-messaging.jar and flex-messaging-common.jar to the {ColdFusion-Lib} directory.
- Restart the ColdFusion instance.
- Repeat Steps 2 – 5 if there are multiple instances of ColdFusion.
ColdFusion 7.0.2
Note: Hotfix jar updated on 02/18/2010
- Download the hotfix and extract the files.
- Stop the ColdFusion instance.
- Go to the {ColdFusion-Lib} directory and back up the flex-messaging.jar and flex-messaging-common.jar files.
- Copy the extracted files flex-messaging.jar and flex-messaging-common.jar to the {ColdFusion-Lib} directory.
- Restart the ColdFusion instance.
- Repeat Steps 2 – 5 if there are multiple instances of ColdFusion.
Doc ID
(cpsid_82241)
Last updated
2010-05-24
Products affected
