The hotfix resolves an HTTP response splitting vulnerability in the ColdFusion component browser. The vulnerability “could add or modify additional headers, which might cause unexpected behavior”, Adobe explained in its security update.
Adobe classified the vulnerabililty as “important” and gave it a priority rating of 2.
Adobe acknowledged the help of Michael Dominice, Yoshi Russell of Intelligent Software Solutions, and Stephen Duncan of Intelligent Software Solutions in identifying and fixing the ColdFusion vulnerability.
In March, Adobe issued a patch for a ColdFusion vulnerability that put users at risk for denial of service (DoS) attacks. The flaw was also rated important and No. 2 priority.
“This vulnerability could lead to a denial of service attack using a hash algorithm collision”, Adobe said at that time.