Adobe released a security hotfix for web application development platform ColdFusion 9.0.1 and earlier versions for Windows, Mac, and Unix.
The hotfix resolves an HTTP response splitting vulnerability in the ColdFusion component browser.
The vulnerability “could add or modify additional headers, which might cause unexpected behavior,” Adobe said in its security update.
Adobe classified the vulnerabililty as “important” and gave it a priority rating of 2.
Adobe acknowledged the help of Michael Dominice, Yoshi Russell of Intelligent Software Solutions, and Stephen Duncan of Intelligent Software Solutions in identifying and fixing the ColdFusion vulnerability.
In March, Adobe issued a patch for a ColdFusion vulnerability that put users at risk for denial of service (DoS) attacks. The flaw also rated as important and had a priority rating of 2.
“This vulnerability could lead to a denial of service attack using a hash algorithm collision,” Adobe said at that time.