TeraTech

The ColdFusion Experts: Develop | Secure | Optimize

  • Services
  • About
  • CF Alive
  • Blog
  • Podcast
  • Contact

  • Services
  • About
  • CF Alive
  • Blog
  • Podcast
  • Contact

ColdFusion Security Hotfix (APSB17-30) Released

November 5, 2017 By Michaela Light Leave a Comment

Just last week, Adobe released their security updates (APSB17-30) for ColdFusion 2016 and ColdFusion 11. The said update was specifically created to fix two critical and one important issue. However, take note that the ColdFusion 10 and older will be vulnerable to some if not all of the issues. Plus, since the older versions began to become obsolete, there won't be any additional patches provided.

Adobe also stated that the fixes will be effective only when running the Java 1.8 update 121 or higher (Java 1.7 update 131 or higher but Java 7 is also EOL, which means you need to be running 1.8 if you use CF11+).

Because of the vulnerability of CVE-2017-11286, it is categorized as Improper Restriction of XML External Entity Reference. This can trigger the possibility of XML External Injection that will allow attackers to have access to resources via commands to the XML parser.

The second vulnerability of CVE-2017-11283 and CVE-2017-11284 is that Adobe described it as an “unsafe Java deserialization that could result in remote code execution”. Until now it is unclear if that would affect the use of the serialize() / deserialize () functions or if it will have broader issues.

And to continue learning how to make your ColdFusion apps more modern and alive, I encourage you to download our free ColdFusion Alive Best Practices Checklist.

Because… perhaps you are responsible for a mission-critical or revenue-generating CF application that you don’t trust 100%, where implementing new features is a painful ad-hoc process with slow turnaround even for simple requests.

What if you have no contingency plan for a sudden developer departure or a server outage? Perhaps every time a new freelancer works on your site, something breaks. Or your application availability, security, and reliability are poor.

And if you are depending on ColdFusion for your job, then you can’t afford to let your CF development methods die on the vine.

You’re making a high-stakes bet that everything is going to be OK using the same old app creation ways in that one language — forever.

All it would take is for your fellow CF developer to quit or for your CIO to decide to leave the (falsely) perceived sinking ship of CFML and you could lose everything—your project, your hard-won CF skills, and possibly even your job.

Luckily, there are a number of simple, logical steps you can take now to protect yourself from these obvious risks.

No Brainer ColdFusion Best Practices to Ensure You Thrive No Matter What Happens Next

ColdFusion Alive Best Practices Checklist

ColdFusion Alive Best Practices Checklist

Modern ColdFusion development best practices that reduce stress, inefficiency, project lifecycle costs while simultaneously increasing project velocity and innovation.

√ Easily create a consistent server architecture across development, testing, and production

√ A modern test environment to prevent bugs from spreading

√ Automated continuous integration tools that work well with CF

√ A portable development environment baked into your codebase… for free!

 

Learn about these and many more strategies in our free ColdFusion Alive Best Practices Checklist.

Related Posts

  • 11 Best Practices for a new Adobe ColdFusion Project11 Best Practices for a new Adobe ColdFusion Project
  • 017 Managing an international team, Git, CFML, Node, Joomla, Headaches and Heartaches, with Scott Coldwell017 Managing an international team, Git, CFML, Node, Joomla, Headaches and Heartaches, with Scott Coldwell
  • 050 Improve your CFML Code Quality (with some Cool Tools) with Kai Koenig – Transcript050 Improve your CFML Code Quality (with some Cool Tools) with Kai Koenig – Transcript
  • Comprehensive list of ColdFusion Conferences 2018Comprehensive list of ColdFusion Conferences 2018
  • TeraTech TAKE-Shelf: Using everything to its fullest potentialTeraTech TAKE-Shelf: Using everything to its fullest potential
  • State of the CF Union 2019 Survey (Partial Results)State of the CF Union 2019 Survey (Partial Results)
  • Facebook
  • Twitter
  • LinkedIn

Filed Under: ColdFusion, ColdFusion Security, Security

← Previous Post 046 What is new in Fusion Reactor 7 (20 new features), with David Tattersall
Next Post → 047 Best Practices Are Best, Except When They’re Not with Nolan Erck – Transcript

CF Alive Best Practices Checklist

 

Modern ColdFusion development best practices that reduce stress, inefficiency, project lifecycle costs while simultaneously increasing project velocity and innovation.

Recent Posts

  • Protected: State of the CF Union 2021 Survey Released
  • ColdFusion Server Crashing – First 3 Steps to Fix it Fast
  • What are CFers learning in 2021?
  • 4 Reasons Why Your ColdFusion Web Apps Are Suffering (And How To Avoid It)
  • Google Down – An Unprecedented Event (Save Your Data Fast!)

Categories

  • ActionScript
  • Adobe CF Summit
  • Adobe CF Summit East
  • Adobe CF Summit East 2018
  • Adobe ColdFusion 11
  • Adobe ColdFusion 2020 Beta
  • Adobe ColdFusion 2021
  • Adobe ColdFusion Project Stratus
  • Adobe ColdFusion Security
  • AIR
  • Ajax
  • AngularJS
  • Announcement
  • API
  • Apollo
  • Auto Security Lockdown
  • AWS
  • C#
  • Certification
  • CF Alive
  • CF Alive Book
  • CF Alive Podcast
  • CF Camp
  • CF Developer week
  • CF Maintenance
  • CF Summit India
  • CF Tags
  • CF Training
  • CF Vs. Other Languages
  • CFEclipse
  • CFML
  • CFML Open- Source
  • CFObjective
  • cfquery
  • CFSummit
  • CFUnited
  • China Chopper
  • CIO
  • Classes
  • Client Highlights
  • ColdBox
  • ColdFusion
  • ColdFusion 2018
  • ColdFusion 2020
  • ColdFusion 2021
  • ColdFusion 9
  • ColdFusion community
  • ColdFusion Conference
  • ColdFusion Consulting
  • ColdFusion Developer
  • ColdFusion Development
  • ColdFusion Hosting
  • ColdFusion Security
  • ColdFusion Webinar
  • CommandBox
  • Conference
  • Cool Stuff
  • Culture
  • Cybercrime
  • Database
  • Development Approach
  • DevOps
  • Docker
  • Fixinator
  • Flex
  • Frameworks
  • Fusebox
  • FusionReactor
  • Futurology
  • Garbage Collector
  • Google Down
  • Into The Box Latam
  • IntoTheBox Conference
  • Java
  • JavaScript
  • JVM
  • Learn CFML
  • Learn ColdFusion
  • Legacy Code
  • Load Testing
  • Lucee
  • Management
  • MAX
  • MDCFUG Lunch
  • Microsoft Azure
  • Mindmapping
  • MockBox
  • Modernize ColdFusion
  • Monitoring
  • Muracon
  • NCDevCon
  • New Intern
  • News
  • Node.js
  • Open- Source
  • ORM
  • Ortus Developer Week
  • Ortus Roadshow
  • Performance
  • Performance Tuning
  • PHP
  • Productivity
  • Programming Languages
  • Project planning
  • Query of Queries
  • Roadmap
  • Scalability
  • Security
  • Server Crash
  • Server Software
  • Server Tuning
  • Social Media
  • Spiral Web
  • SQL
  • Success Story
  • Survey
  • Technology
  • TestBox
  • Tips
  • Transcript
  • Trapeze Development
  • Uncategorized
  • Web 2.0
  • Web Application
  • Web Server
  • Webinar
  • Webmail
  • What is ColdFusion?
  • Whole Brain Development
  • Women in Tech
  • Work From Home

Recent Comments

  • Michaela Light on A Comprehensive Guide to Running a Successful CFML Project
  • Michaela Light on Is Lucee CFML now better than Adobe ColdFusion?
  • Michaela Light on Introducing Swansea Jack (Lucee CFML 6 announced)
  • Michaela Light on 082 ColdFusion and the Blockchain Revolution with Mike Brunt
  • Michaela Light on 082 ColdFusion and the Blockchain Revolution with Mike Brunt
  • Home
  • Services
  • About Us
  • CF Alive
    • CF Alive Book
    • CF Alive Inner Circle
    • CF Alive full resources cheatsheet
  • Blog
  • Podcast
    • Podcast Guest schedule
  • Contact
  • Sitemap

The ColdFusion Experts:
Develop, Secure, Optimize

TeraTech Inc
451 Hungerford Drive Suite 119
Rockville, MD 20850

Tel : +1 (301) 424 3903
Fax: +1 (301) 762 8185

Follow us on Facebook Follow us on LinkedIn Follow us on Twitter Follow us on Pinterest Follow us on YouTube

Copyright © 1998–2021 TeraTech Inc. All rights Reserved.