Security Patches for ColdFusion 6.1?

Question

Security Bulletin APSB09-12 describes several vulnerabilities affecting ColdFusion 8.0.1 "and below." However, patches are only provided for ColdFusion 7.0.2 and above. Is ColdFusion 6.1 affected by these vulnerabilities? Should I apply the ColdFusion 7.0.2 patch to a ColdFusion 6.1 server?

The specific vulnerabilities I'm looking at are: CVE-2009-1872, CVE-2009-1875, CVE-2009-1877, CVE-2009-1878.

Any help is greatly appreciated.

Adam Cameron. · Answer

I can't say whether the vulnerabilites would affect CFMX6, but I can say that CFMX6 isn't supported any more (http://www.adobe.com/support/programs/policies/supported.html).

You definitely should not install patches not intended for your version of CF. You really ought to upgrade to at least CFMX7; although if you're upgrading, you should go straight to CF8. I don't recommend going to CF9 just yet: wait for a patch release of that first.

--

Adam

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded