Two vulnerabilities have been reported in ColdFusion MX Server, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service).
The vulnerabilities reportedly affect versions 6.0, 6.1 and 6.1 J2EE (JRun).
SOLUTION:
Apply updates.
ColdFusion MX 6.0:
http://www.macromedia.com/support/coldfusion/downloads_updates.html#updater
ColdFusion MX 6.1 Standard/Enterprise:
http://www.macromedia.com/cfusion/resourcecenter/rc_driver.cfm?pagename=cfmx%20updater
ColdFusion MX 6.1 J2EE (JRun):
http://www.macromedia.com/support/jrun/updaters.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits iDefense.
ORIGINAL ADVISORY:
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
http://community.securityteam.us/article.php/20041005182214729