We recommend updating to the latest version as soon as possible. An update is also currently available for ColdFusion 10, ColdFusion 11, ColdFusion 10.1, ColdFusion 11.1, ColdFusion 10.1.1, ColdFusion 11.1.1, ColdFusion 10 and ColdFusion 11. The ColdFusion Update Manager can be used to update these products. Adobe recommends these steps be taken if possible: Enabling the remote update feature on the server is recommended. If remote update is not an option, then the server needs to be patched before updating the ColdFusion applications on the server. We recommend using an application like SysInternals

Adobe ColdFusion Update Manager


The ColdFusion Update Manager is a tool that will help update your ColdFusion applications by automatically updating the server.
ColdFusion 10, ColdFusion 11, and ColdFusion 10.1 are updated to version 20.1.0 and require no patching. These updates are available via the Adobe Update Manager. You can also manually download and install them using the following links:

Adobe ColdFusion Update Manager

If you have multiple servers, it may be necessary to update the server that has the latest version of the software before updating a ColdFusion application. This can be accomplished with Adobe ColdFusion Update Manager (CCUM). CCUM is a free tool that can be used to remotely update servers and applications. If you are not able to patch your servers, then you will need to upgrade all of your ColdFusion applications on each server before updating again.

What is the ColdFusion HTTP Header?

The ColdFusion HTTP header is used to send and receive information about the "user agent" of the browser or mobile device. In version 10, the default user agent string is "CFM 10".
The user agent string is used by web servers to help identify which browser or mobile device is sending the request. It can also be used to help track down web server errors.
In CFML, this header is called HTTP_USER_AGENT and it can be included in a response as part of a

References:

- https://blogs.adobe.com/coldfusion/2018/01/17/CVE-2022-38418

We recommend updating to the latest version as soon as possible. An update is also currently available for ColdFusion 10, ColdFusion 11, ColdFusion 10.1, ColdFusion 11.1, ColdFusion 10 and ColdFusion 11. The ColdFusion Update Manager can be used to update these products. Adobe recommends these steps be taken if possible: Enabling the remote update feature on the server is recommended. If remote update is not an option, then the server needs to be patched before updating the ColdFusion applications on the server. We recommend using an application like SysInternals

Timeline

Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC

References