Graphics design software specialist Macromedia has
rolled out a fix for a denial-of-service
its ColdFusion MX 6.1 product suite.
The San Francisco-based firm said the flaw affected all editions of
ColdFusion MX 6.1 and all versions of ColdFusion MX 6.1 J2EE. In an advisory, Macromedia tagged the issue as “important” and recommended
that users apply the accompanying patch immediately.
ColdFusion MX, formerly known as “Neo,” is a key part of Macromedia MX,
an integrated collection of tool, server and client technologies developed
to function as a single
environment.
ColdFusion MX is a favorite for developers looking to make use of its
function as both a stand-alone server and as an overlay on top of Java
application servers that enables Web services and a host of other
capabilities.
But, security bugs have followed the product around with the latest
centering around the way ColdFusion MX handles file uploads. “When file
uploads to ColdFusion MX via an HTML form are started, but are interrupted
before they complete – disk space on the server may not be reclaimed when
the ColdFusion MX template finishes processing,” the company explained.
Just last month, Macromedia released a series of
patches to plug security holes in its flagship Macromedia MX 2004
products. Those flaws vulnerabilities were found in products for the Mac OS
X platform and caused privilege escalation problems.
