The flaw, which is rated “important”, affects ColdFusion 9.0.1 and earlier version for Windows, Mac, and UNIX.
“This vulnerability could lead to a denial of service attack using a hash algorithm collision”, Adobe said in its security bulletin.
The Priority 2 rating, part of the new advisory system introduced by Adobe last month, means that the “update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits.”
The “important” rating indicates the vulnerability, if exploited, “would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer.”
Adobe provided a hotfix for the vulnerability and recommended that users of ColdFusion apply the patch with the next 30 days.