|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Adobe Security Bulletins - February 2007
From: Adobe Systems Incorporated (direct
adobesystems.com)
Date: Tue Feb 13 2007 - 17:43:06 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adobe Security Bulletins:
- Patch available for ColdFusion MX 7 Cross-Site Scripting
issue when Global Script Protection is not enabled
- Patch available for ColdFusion MX Cross-Site Scripting
issue
- Patch available for JRun Cross-Site Scripting issue
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APSB07-03 - Patch available for ColdFusion MX 7 Cross-Site
Scripting issue when Global Script Protection is not enabled
Originally posted: February 13, 2007
Summary:
A specially crafted URL could be used to create a cross-site
scripting attack on ColdFusion when Global Script Protection
is not enabled.
Severity Rating:
Adobe categorizes this issue as moderate:
http://direct.adobe.com/r?xJcPqWPEJnPlEPccncn
Adobe recommends that users apply this update to their
installations. Learn more:
http://direct.adobe.com/r?xJcPqWPEJnnHEPccncl
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APSB07-04 - Patch available for ColdFusion MX Cross-Site
Scripting issue
Originally posted: February 13, 2007
Summary:
A vulnerability in ColdFusion's default error page could
allow an attacker to bypass ColdFusion's cross-site
scripting protection. A specially crafted request sent to
the ColdFusion server could result in the attacker being
able to conduct cross site scripting attacks.
Severity Rating:
Adobe categorizes this issue as moderate:
http://direct.adobe.com/r?xJcPqWPEJnPlEPccncn
Adobe recommends that users apply this update to their
installations. Learn more:
http://direct.adobe.com/r?xJcPqWPEJnncEPccncP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APSB07-05 - Patch available for JRun Cross-Site Scripting
issue
Originally posted: February 13, 2007
Summary:
A vulnerability in JRun's administrator console could allow
a cross-site scripting attack. A specially crafted URL sent
to the JRun administrator application could result in the
attacker being able to conduct cross site scripting attacks.
Severity Rating:
Adobe categorizes this issue as important:
http://direct.adobe.com/r?xJcPqWPEJnPlEPccncn
Adobe recommends that users apply this update to their
installations. Learn more:
http://direct.adobe.com/r?xJcPqWPEJnnJEPccncn
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS, OR FIXES
PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS
DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR
OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO
WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT.
(USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF
IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY
TO YOU. IN NO EVENT SHALL ADOBE, INC. OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT
LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS
INTERRUPTION, OR THE LIKE, OR LOSS OF BUSINESS DAMAGES,
BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF
CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE),
PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS
SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES
DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION
OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE
OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.
Adobe reserves the right, from time to time, to update
the information in this document with current information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is an advertising message from Adobe Systems Incorporated,
its affiliates and agents ("Adobe"), 345 Park Avenue, San Jose,
CA 95110 USA. If you'd prefer not to receive email like this
from Adobe in the future, please click here to unsubscribe
http://direct.adobe.com/u?xccnqWcEJcPqWPEPccnJJ
or send an email to unsubscribe-naadobesystems.com. Alternatively,
you may mail your unsubscribe request to:
UNSUBSCRIBE
Adobe Systems Incorporated
P.O. Box 2205
Beaverton, OR 97075
Your privacy is important to us. Please review Adobe's online
Privacy Policy at: http://direct.adobe.com/r?xJcPqWPEJnPPEPccncT.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]