Adobe released an update for ColdFusion to close a security hole in its rapid web application development software.
The hotfix for ColdFusion addresses a vulnerability (CVE-2012-2048), which the company rates as important, that an attacker could exploit remotely to cause a denial-of-service (DoS) condition.
Originally, ColdFusion made it easier to connect simple HTML pages to a database, but by Version 2, it had become a full platform that included an integrated development environment in addition to a full scripting language. As of 2010, versions of ColdFusion included advanced features for enterprise integration and development of Internet applications.
Adobe officials said the unspecified error affects versions 8.0, 8.0.1, 9.0 to 9.0.2, and 10 of ColdFusion for Windows, Mac OS X and UNIX.
Installing the provided hotfix corrects the problem; download links and installation instructions for each affected version are on the APSB12-21 technote page.
All users should download and apply the hotfix, Adobe officials said. Adobe credits UK developer David Boyer for finding and reporting the problem.