CVE-2017-11283 Adobe Security Hotfix for ColdFusion (APSB17-30)

Adobe ColdFusion is an application for developing Web sites.

Adobe has released security hotfixes for ColdFusion version 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting), External XML Entity (XXE) Reference and Deserialization of untrusted data.

Affected Versions:
ColdFusion (2016 release) Update 4 and earlier versions
ColdFusion 11 Update 12 and earlier versions

Depending on the vulnerability being exploited, an unauthenticated, remote attacker could execution arbitrary Java or Javascript code or exploit XXE.

The vendor has released a hotfix to patch this vulnerability. Please refer to APSB17-30 for detailed information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APSB17-30