Need Adobe Clarification of May 11 security update

Forum|Forum|15 years ago
May 12, 2010
2 replies
1125 views

In the Details secion of the May 11 Adobe Security Update at http://www.adobe.com/support/security/bulletins/apsb10-11.html it says

This update resolves an information disclosure vulnerability. This vulnerability requires local access. (CVE-2010-1294)

What do you mean by "local access"?

This topic has been closed for replies.

ilssac

Inspiring

As posted on Ben Forta's Blog this morning.

http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Released

Issue resolved - it was isolated to CF8.0.1 with hotfix 4 (32 and 64 bit). Please review the updated technote
http://kb2.adobe.com/cps/841/cpsid_84102.html

-

-__cfSearching__-

Inspiring

What do you mean by "local access"?

It does not really specify. As a non-security expert, my guess would be someone with local access to the server, though not CF Administrator access.

http://www.vupen.com/english/advisories/2010/1127

http://www.securityfocus.com/bid/40074/discuss

"Adobe ColdFusion is prone to an unspecified local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks."

M

mkane1Author

Inspiring

Thanks for the reply, but that is why I asked for Adobe to clarify. I don't want to guess or assume.

-

-__cfSearching__-

Inspiring

Thanks for the reply, but that is why I asked for Adobe to
clarify. I don't want to guess or assume.

Understood. But these are just user forums. Adobe employees do not generally monitor them. So if you want a definitive answer, you will have to contact them directly.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded