Skip to main content
Owainnorth
Owainnorth
Inspiring
December 16, 2011
Question

MPSB05-13 Cumulative Security Updater broken link

  • December 16, 2011
  • 1 reply
  • 1511 views

I need to find the following hotfix for JRun in CF8:

MPSB05-13 Cumulative Security Updater for JRun 4.0 server

but the link doesn't work any more. Does anyone have an updated link?


http://www.adobe.com/devnet/security/security_zone/mpsb05-13.html

    This topic has been closed for replies.

    1 reply

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    December 19, 2011

    Are you sure you need the hotfix for CF? Often when a hotfix exists for JRun, it is referring to the standalone edition of JRun, and not the Multiserver form of deployment (which of course runs atop a deployment of jRun). I don’t know about this particular fix. The fact that the link can’t be found (even via a search on the Adobe site) suggests it may not be needed. I see that it’s from 2005 (on http://www.adobe.com/support/security/.) What’s making you “need” it?

    /charlie

    /Charlie (troubleshooter, carehart. org)
    Owainnorth
    OwainnorthAuthor
    Inspiring
    December 19, 2011

    One of our ColdFusion 8 boxes is required to be PCI compliant, and the company who do our scans have suddenly decided that JRun 4 has a vuln from back in the day, which means the test now fails. Details of the vuln here. What's stupid is it only lists ColdFusion 6 as affected, but as CF8 still uses JRun 4 they've decided it now fails too.

    Has never been a problem before, and is a right pain to be honest. But isn't that just PCI scans all over...

    A
    Adam Cameron.
    Inspiring
    December 20, 2011

    To be fair to them, that doc was written in 2004, so when it lists 6.0 and 6.1 as affected, they are listing all versions to that date that run on JRun (so like not CF5 or before, because they were discrete apps).  I would take from that - all things being equal - that the situation exists in all subsequent versions of CF, unless they are patched.  Bear in mind that JRun hasn't seen significant revision since Adam was a boy.  And trust me, that was a long time ago.

    In better news, according to here: http://www.adobe.com/products/jrun/, the latest / last JRun updater includes all previous patches, so you should be fine if you install that.  And that one is still available.

    We did all this PCI compliance shenanigans recently, and I'll be having a beer with our techo bloke tonight.  I'll ask if our PCI auditors raised anything like this, and what we needed to do.  That said, around the same time we finally got around to upgrading from CF8 to CF9 (yay!), and perhaps that was not a coincidence..?

    --

    Adam

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices