STEAM-ADVISORY NO. 2013100801 PURDUE UNIVERSITY SECURITY STEAM CIRT Tuesday, October 8, 2013 14:00:00 EDT ==OVERVIEW== Adobe Source Code Breach - ColdFusion 10 Vulnerability ==SYSTEMS AFFECTED== ColdFusion Web Application platform (ColdFusion 10) ==DETAILS== Adobe Systems Inc. recently announced a breach to the source code for the ColdFusion Web Application platform (ColdFusion 10). The Acrobat family of products may have also been breached. A source code breach could expose vulnerabilities otherwise unknown to malicious entities. Adobe has recommended that customers run only supported versions of their software, apply all security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products. ==SOLUTIONS== Ensure that ColdFusion 10 and Adobe Acrobat products are up to date with the latest patches. ColdFusion Lockdown Guide: http:// w w w .adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf Acrobat Enterprise Toolkit: http:// w w w .adobe.com/devnet-docs/acrobatetk/index.html (remove spaces from links) ==FURTHER INFORMATION AND RESOURCES== http:// b l ogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html (remove spaces from links) ==STEAM-CIRT CONTACT INFORMATION== For questions concerning this advisory, please send email to: firstname.lastname@example.org. Report computer-related abuse to steam-cirt: http:// w w w .purdue.edu/securePurdue/incidentReportForm.cfm http:// w w w .purdue.edu/securepurdue/steam (remove spaces from links)
Posted by IT Security & Policy on October 08, 2013, in Advisory Alerts.