Copy link to clipboard
Copied
Hello; I have a question regarding the Coldfusion Security Bulletin APSB13-03 for ColdFusion 10, 9.0.2, 9.0.1 and 9.0.
Is this hotfix also availablefor Coldfusion 8.01? We use the Coldfusion 8.01 enterprise version.
Patched on the last available hotfix APSB12-21 -> Security update: Hotfix available for ColdFusion 10 and earlier.
By regulary scanning our systems a finding regarding CVE-2013-0632 was found by the scanners, to resolve with APSB13-03.
Is APSB13-03 available for Coldfusion 8.01? Core support ends 7/31/2012 (the last hotfix for cf 8 wa from 11/2012!)
But extended Support reaches until 7/31/2014.
frank
Copy link to clipboard
Copied
APSB13-03 does not seem to be available for CF 8 :
http://www.adobe.com/support/security/bulletins/apsb13-03.html
Copy link to clipboard
Copied
There will be no further patches released for CF8. As per the posting above, it's past it's "use by" date, basically: once it's out of "core support", there are no more patches. The "extended support" only counts if you are on the paid-for support programme for which that is relevant. Basically you pay Adobe some money for the possibility of being able to pay them even more money for them to fix their bugs.
However, for all these recent vulnerabilities that have been found, if you have run through the lockdown guide (which is essential to do for all public-facing servers as a matter of course anyhow) then the vulnerability is basically mitigated. The "vulnerabilities" are only really "vulnerabilities" on insecure servers.
That said: don't take my word for it, do some reasearch and draw your own conclusions. I say this only because I don't want to be seen to be pronouncing about Adobe's support and CF's vulnerabilities, because I don't want someone to get hacked adn refer back here and go "but that bloke Adam said..." 😉
--
Adam
Copy link to clipboard
Copied
Thanks;
You wrote exactly my thoughts )
Mit freundlichen Grüßen
Frank Winkelmann
Siemens AG
Corporate Information Technology
Corporate Automation
CIT CA HS 1 4
Hugo-Junkers-Str. 9
90411 Nürnberg, Deutschland
Tel. Geschäftlich: 091145051290
Tel. Mobil: 015254690615
mailto:frank.winkelmann@siemens.com
Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Gerhard Cromme; Vorstand: Peter Löscher, Vorsitzender; Roland Busch, Brigitte Ederer, Klaus Helmrich, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen, Michael Süß; Sitz der Gesellschaft: Berlin und München, Deutschland; Registergericht: Berlin Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE 23691322
Gesendet: Mittwoch, 29. Mai 2013 12:29
An: Winkelmann, Frank
Betreff: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???
Re: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???
created by Adam Cameron.<http://forums.adobe.com/people/Adam+Cameron.> in ColdFusion - View the full discussion<http://forums.adobe.com/message/5361018#5361018