Skip to main content
A
Aegis_Kleais
Inspiring
April 17, 2013
Question

Wow! Where *IS* the CF10 Update 9 Information?!

  • April 17, 2013
  • 1 reply
  • 487 views

I understand Adobe is a big company, and the bigger you get, the more disorganized your website becomes.  But I HATE using their website!  Not only are searches prone to just spew out a myriad of useless non-related links, but the main navigation can't take me to where I want to go either.

Anyways, my CF10 servers are barking at me about Update 9 being out.  They tell me to login and click the READ MORE link for more information (which takes me to http://www.adobe.com/support/security/bulletins/apsb13-10.html); but guess what, there's next to no information whatsoever on the page that outlines what this update addresses.

Look at this page, for ColdFusion 10 Update 1:

http://helpx.adobe.com/coldfusion/kb/coldfusion10-update-01.html

BEAUTIFUL.  Outlines individual bugs that were resolved, and one could think that from here, I could just change the '01' in the URL to '09', but no.  It's not that simple.

So can someone have pity on a person who's been trying to find the "ColdFusion 10 Update 9" information page, and fire me off a link so I can read up?  Thank you.

    This topic has been closed for replies.

    1 reply

    Anit_Kumar
    Anit_Kumar
    Inspiring
    April 17, 2013

    Hi,

    Thank you for your post. We apologize for the inconvenience caused. Here is the Tech Note http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-10.html for ColdFusion Update 9.

    Hope that helps.

    Regards,

    Anit Kumar

    A
    Aegis_KleaisAuthor
    Inspiring
    April 17, 2013

    Thanks Anit, but it seems even that page doesn't have information on what Update 9 fixes.  It has a link in the middle of the page that takes me to another page (http://www.adobe.com/support/security/bulletins/apsb13-10.html) where I saw:

    This hotfix resolves a vulnerability that could be exploited to impersonate an authenticated user (CVE-2013-1387).

    This hotfix resolves a vulnerability that could be exploited by an unauthorized user to gain access to the ColdFusion administrator console (CVE-2013-1388).

    I can only assume that these are the 2 issues addressed in the Update.  I had to check the NVD to get info on these.  I wonder why Adobe chose to change the format of it's Update pages.  And why I couldn't just goto the ColdFusion page, choose "Updates" and see a list of Updates as well as what they each fixed.

    "Simplicity is the Ultimate Sophistication" — Leonardo da Vinci

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices