ColdFusion Security Bulletins

For those of you who don’t keep up with ColdFusion security bulletins, one was issued recently that you might want to look into, especially if you expose web services.

MPSB04-04 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS

ColdFusion MX and JRun 4.0 Web Services may be vulnerable to a Denial-of-Service attack from maliciously constructed SOAP requests. ColdFusion Version 5 and earlier versions and JRun 3.1 and earlier versions do not support Web Services and are not vulnerable.

If you’re behind in your security patches, while you’re at it, you might want to install this one, as well:

MPSB04-02 Security Patch available for ColdFusion MX 6.1 form fields Denial of service

ColdFusion MX 6.1 is vulnerable to a denial of service attack if a malicious user creates a fictitious request containing a large number of form fields.

Find all the most recent Macromedia security bulletins at the Macromedia Security Zone. And if either of these bulletins was news to you, I recommend that you sign up for the Macromedia Security Notification Service.