Adobe Releases Security Update for Adobe ColdFusion

Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh and Linux to address multiple vulnerabilities. This hotfix addresses a reflected cross site scripting vulnerability (CVE-2013-5326) that could be exploited by a remote, authenticated user and a vulnerability (CVE-2013-5328) that could permit unauthorized remote read access.

US-CERT recommends users and administrators review Adobe Security Advisory APSB13-27 and follow best practice security policies to determine if their organization is affected and the appropriate response.