Last month, Adobe released a fix for a Coldfusion security vulnerability. On the Adobe Product Security Incident Response Team (PSIRT) blog, Adobe posted:
Today, a Security Bulletin (APSB12-21) has been posted in regards to a security hotfix for Adobe ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin.
That was on September 11th.
As Michael Lee at ZDNet noted at the time, "The fix is not available in a patch, meaning that administrators will need to follow Adobe's set of instructions for their specific version of ColdFusion and mitigate against the vulnerability manually."
"The hotfix has been rated as important and has a priority rating of 2, so administrators need not apply the fix immediately but should do so within 30 days."
Well, it's already October, so if you haven't addressed this by now, you may want to start thinking about it.
This applies to versions 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0.