Login   |   Secure Purdue > News

ColdFusion 10 Vulnerability

STEAM-ADVISORY NO. 2013100801
PURDUE UNIVERSITY SECURITY STEAM CIRT
Tuesday, October 8, 2013  14:00:00 EDT


==OVERVIEW==


Adobe Source Code Breach - ColdFusion 10 Vulnerability


==SYSTEMS AFFECTED==


ColdFusion Web Application platform (ColdFusion 10)


==DETAILS==


Adobe Systems Inc. recently announced a breach to the source code for
the ColdFusion Web Application platform (ColdFusion 10).  The Acrobat
family of products may have also been breached.  A source code breach
could expose vulnerabilities otherwise unknown to malicious entities.

Adobe has recommended that customers run only supported versions of
their software, apply all security updates, and follow the advice in the
Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide.  These
steps are intended to help mitigate attacks targeting older, unpatched,
or improperly configured deployments of Adobe products.


==SOLUTIONS==


Ensure that ColdFusion 10 and Adobe Acrobat products are up to date with
the latest patches.

ColdFusion Lockdown Guide:
http:// w w w .adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf


Acrobat Enterprise Toolkit:
http:// w w w .adobe.com/devnet-docs/acrobatetk/index.html

(remove spaces from links)


==FURTHER INFORMATION AND RESOURCES==


http:// b l ogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html

(remove spaces from links)



==STEAM-CIRT CONTACT INFORMATION==


For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.

Report computer-related abuse to steam-cirt:
http:// w w w .purdue.edu/securePurdue/incidentReportForm.cfm


http:// w w w .purdue.edu/securepurdue/steam


(remove spaces from links)

Posted by IT Security & Policy on October 08, 2013, in Advisory Alerts.