This update also addresses a high severity vulnerability in ColdFusion that could be exploited to create arbitrary files on the remote system. This issue was addressed by updating the underlying code to avoid the creation of files outside of the web root. Update 14 resolves another high severity vulnerability that could be exploited to bypass the XSS filter.

This update also addresses several moderate and low severity issues, including:

- An issue where a user’s password was not being masked when it was stored in a field that was later submitted to the server. The issue was addressed by masking passwords before they are sent to the server in the field.
- An issue where a user could see an error message when accessing a sub-site if that sub-site was configured to force a login. The issue was addressed by not showing the error message when accessing the sub-site.
- An issue where a user could not create a sub-site if that sub-site was configured to require a login.

Update 14 also includes a fix for a performance issue experienced when using ColdFusion Builder with a large number of templates in a project.

What is an application security assessment?

An application security assessment is the process of assessing a company’s web application for vulnerabilities. It helps organizations understand how their websites and applications could be attacked, as well as what needs to be done to prevent it from happening.
Applications are not inherently protected, so companies need to use other methods in order to defend themselves against cyber attacks. An application security assessment typically entails performing a malware scan and taking screenshots of the website and application. Additionally, the assessment can include an audit of the backend system logs, including access logs and error logs.

What is the ColdFusion Update Process?

Every month, Adobe releases a new version of ColdFusion. These updates are cumulative and contain all of the fixes and features that were included in previous versions. The next update is scheduled for May 22nd, 2018. All users will be prompted to upgrade when they try to access any of the applications that have not been updated since December 10th, 2017. The update process will begin automatically on every ColdFusion server with an active maintenance plan.

How to Install ColdFusion Update 14

- Navigate to your ColdFusion administrator console.
- In the top left corner of the ColdFusion administrator console, enter "update 14" as the update number in the search field.
- Expand Updates and double-click on Update 14.
- Follow all prompts for installation of this update.

What is the ColdFusion Security Update?

This is not a security update. This is an update to the underlying code in ColdFusion that resolves issues that were identified after the release of ColdFusion 10.1. Update 14 does not address any vulnerabilities in ColdFusion, but it provides a fix for performance issues experienced when using ColdFusion Builder with a large number of templates in a project.
The update also includes updates to other components, including:

- Apache Tomcat 7.0.34
- OpenSSL 1.0.2q
- JBoss EAP 7.3.0
- Oracle JDK 5 and 6

Timeline

Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/19/2022 06:16:00 UTC

References