Skip to main content
W
winkelmann
Participating Frequently
May 28, 2013
Question

CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???

  • May 28, 2013
  • 1 reply
  • 1240 views

Hello; I have a question regarding the Coldfusion Security Bulletin APSB13-03 for ColdFusion 10, 9.0.2, 9.0.1 and 9.0.

Is this hotfix also availablefor Coldfusion 8.01? We use the Coldfusion 8.01 enterprise version.

Patched on the last available hotfix APSB12-21 -> Security update: Hotfix available for ColdFusion 10 and earlier.

By regulary scanning our systems a finding regarding CVE-2013-0632 was found by the scanners, to resolve with APSB13-03.

Is APSB13-03 available for Coldfusion 8.01? Core support ends 7/31/2012 (the last hotfix for cf 8 wa from 11/2012!)

But extended Support reaches until 7/31/2014.

frank

    This topic has been closed for replies.

    1 reply

    M
    mack_
    Participating Frequently
    May 29, 2013

    APSB13-03 does not seem to be available for CF 8 :

    http://www.adobe.com/support/security/bulletins/apsb13-03.html

    A
    Adam Cameron.
    Inspiring
    May 29, 2013

    There will be no further patches released for CF8. As per the posting above, it's past it's "use by" date, basically: once it's out of "core support", there are no more patches. The "extended support" only counts if you are on the paid-for support programme for which that is relevant. Basically you pay Adobe some money for the possibility of being able to pay them even more money for them to fix their bugs.

    However, for all these recent vulnerabilities that have been found, if you have run through the lockdown guide (which is essential to do for all public-facing servers as a matter of course anyhow) then the vulnerability is basically mitigated. The "vulnerabilities" are only really "vulnerabilities" on insecure servers.

    That said: don't take my word for it, do some reasearch and draw your own conclusions. I say this only because I don't want to be seen to be pronouncing about Adobe's support and CF's vulnerabilities, because I don't want someone to get hacked adn refer back here and go "but that bloke Adam said..." ;-)

    --

    Adam

    W
    winkelmannAuthor
    Participating Frequently
    May 29, 2013

    Thanks;

    You wrote exactly my thoughts )

    Mit freundlichen Grüßen

    Frank Winkelmann

    Siemens AG

    Corporate Information Technology

    Corporate Automation

    CIT CA HS 1 4

    Hugo-Junkers-Str. 9

    90411 Nürnberg, Deutschland

    Tel. Geschäftlich: 091145051290

    Tel. Mobil: 015254690615

    mailto:frank.winkelmann@siemens.com

    Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Gerhard Cromme; Vorstand: Peter Löscher, Vorsitzender; Roland Busch, Brigitte Ederer, Klaus Helmrich, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen, Michael Süß; Sitz der Gesellschaft: Berlin und München, Deutschland; Registergericht: Berlin Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE 23691322

    Von: Adam Cameron.

    Gesendet: Mittwoch, 29. Mai 2013 12:29

    An: Winkelmann, Frank

    Betreff: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???

    Re: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???

    created by Adam Cameron.<http://forums.adobe.com/people/Adam+Cameron.> in ColdFusion - View the full discussion<http://forums.adobe.com/message/5361018#5361018

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices