dcsimg

Macromedia Patches ColdFusion MX DoS Vulnerability

By Ryan Naraine (Send Email)
Posted Apr 20, 2004


Graphics design software specialist Macromedia has rolled out a fix for a denial-of-service vulnerability found in its ColdFusion MX 6.1 product suite.

Macromedia Monday rolled out a patch to fix a denial-of-service vulnerability found in its ColdFusion MX 6.1 product suite.

The San Francisco-based firm said the flaw affected all editions of ColdFusion MX 6.1 and all versions of ColdFusion MX 6.1 J2EE. In an advisory, Macromedia tagged the issue as "important" and recommended users immediately apply the accompanying patch.

ColdFusion MX, formerly known as "Neo," is a key part of Macromedia MX, an integrated collection of tool, server, and client technologies developed to function as a single environment.

ColdFusion MX is a favorite for developers looking to make use of its function as both a stand-alone server and an overlay on top of Java application servers that enables Web services and a host of other capabilities.

But security bugs have followed the product around, with the latest centering around the way ColdFusion MX handles file uploads. "When file uploads to ColdFusion MX via an HTML form are started, but are interrupted before they complete - disk space on the server may not be reclaimed when the ColdFusion MX template finishes processing," the company explained.

Just last month, Macromedia released a series of patches to plug security holes in its flagship Macromedia MX 2004 products. Those flaws vulnerabilities were found in products for the Mac OS X platform and caused privilege escalation problems.

This article was orignally published on internetnews.com.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.