• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

CF11, Update 19 - CVE-2019-8072, CVE-2019-8073, CVE-2019-8074

New Here ,
Oct 15, 2019 Oct 15, 2019

Copy link to clipboard

Copied

Dear community,

 

We are still using CF11, which is now in Extended Support. 

 

Obviously, we want to migrate to CF2016 or CF2018, but this is a major effort and we do not have the capacity to do it right now.

 

To precisely assess the risk we are currently exposed to, I need to know whether CF11, Update19 is vulnerable to the following vulnerabilities:

 - CVE-2019-8072

 - CVE-2019-8073

 - CVE-2019-8074

 

Any answer will be deeply appreciated.

 

Kind Regards, 

Views

165

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 15, 2019 Oct 15, 2019

Copy link to clipboard

Copied

As far as I can see, the vulnerabilities relate to ColdFusion 2016 and ColdFusion 2018, not ColdFusion 11.

https://nvd.nist.gov/vuln/detail/CVE-2019-8072

https://nvd.nist.gov/vuln/detail/CVE-2019-8073

https://nvd.nist.gov/vuln/detail/CVE-2019-8074

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 16, 2019 Oct 16, 2019

Copy link to clipboard

Copied

LATEST

I'd advise caution in that conclusion, BKBK. It could be merely that what they show is based on what the reference they offer to the Adobe PSBs, which may only mention CF2016 and 2018 as they are all that are officially "supported" as of the date of this report in late 2019.

 

glandrein, you may want to reach out to adobe directly fo clarification if they don't reply here, such as at cfinstal@adobe.com (though they may, too, only respond that they can provide info only aout CF2016 and above at this date). Finally, you may want to reach out to Pete Freitag, who is perhaps the main security maven in the CF community: pete@foundeo.com (an address he offers publicly on his foundeo.com site).


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation