Security update: Hotfix available for ColdFusion
Description
Adobe ColdFusion versions 10, 9.0.2, 9.0.1, and 9.0 contain multiple critical security vulnerabilities that allow remote attackers to bypass authentication controls without requiring valid credentials. These vulnerabilities affect all platforms including Windows, Macintosh, and UNIX systems. Four of these vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, and CVE-2013-0632) are actively being exploited in the wild, making immediate patching essential to prevent server compromise.
Remediation
Apply the security hotfix immediately by following these steps:
1. Download the appropriate hotfix for your ColdFusion version (10, 9.0.2, 9.0.1, or 9.0) and platform from the Adobe Security Bulletin APSB13-03 page referenced below.
2. Review the installation instructions provided in the hotfix documentation before proceeding.
3. Create a complete backup of your ColdFusion installation and application files.
4. Stop the ColdFusion service.
5. Install the hotfix following Adobe's provided instructions for your specific version and platform.
6. Restart the ColdFusion service and verify proper operation.
7. Review server logs for any suspicious activity that may indicate prior compromise.
If immediate patching is not possible, implement network-level access controls to restrict ColdFusion administrative interface access to trusted IP addresses only until the hotfix can be applied. Consult the references section for detailed installation instructions and additional guidance.
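Step 7 (reviewing server logs) and the interim mitigation above together amount to one check: which requests reached the administrative interface from outside the trusted address ranges. The Python below is an added example, not code from Adobe's bulletin or from this advisory; it assumes the administrative interface is served under /CFIDE/administrator and /CFIDE/adminapi, an Apache-style combined access-log format, and constructed trusted networks and sample log lines.

```python
import ipaddress
import re

# Request paths of the ColdFusion administrative interface (assumed here;
# confirm them against your own installation).
ADMIN_PREFIXES = ("/cfide/administrator", "/cfide/adminapi")
# Networks permitted to reach it (constructed values for this example).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.1.0/24")]
# Apache-style combined log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample log; the client IPs are documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.45 - - [10/Jan/2013:03:14:07 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.4.17 - - [10/Jan/2013:09:02:11 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2013:03:15:22 +0000] "GET /cfide/Administrator/?x=1 HTTP/1.1" 200 4120 "-" "curl/7.26.0"
203.0.113.45 - - [10/Jan/2013:03:16:01 +0000] "GET /index.cfm HTTP/1.1" 200 8810 "-" "Mozilla/5.0"
this line is not in the expected format and is skipped
"""

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_admin_request(path):
    """Match case-insensitively and without the query string: ColdFusion on
    Windows serves /CFIDE and /cfide alike, so a case-sensitive check misses hits."""
    return path.split("?", 1)[0].lower().startswith(ADMIN_PREFIXES)

def is_trusted(ip):
    """True only if the client address lies inside an allow-listed network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparsable client address is never trusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def find_untrusted_admin_access(log_text):
    """Return admin-interface requests that came from outside TRUSTED_NETWORKS."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_admin_request(rec["path"]) and not is_trusted(rec["ip"]):
            hits.append(rec)
    return hits
```

Run `find_untrusted_admin_access` over the real access log and review every hit that predates the hotfix; a 200 response to an untrusted client on these paths is the signal step 7 is looking for.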