Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Per: http://www.adobe.com/support/security/bulletins/apsb07-07.html
CVE number: CVE-2007-1278
Platform: Windows only
Affected software versions: ColdFusion MX 7.X
* JRun 4.0 Updater 6
* ColdFusion MX 7.0 Enterprise Edition, if installed as the "Multi-Server" option
* ColdFusion MX 6.1 Enterprise, if installed with the "J2EE" option and deployed on JRun 4.0 Updater 6
NOTE: ColdFusion MX 6.1 and 7.0 Standard editions are not affected. This vulnerability has been addressed by the vendor with the following patch: http://www.adobe.com/support/security/bulletins/apsb07-07.html
Publication date: Sat, 17 Mar 2007 01:19:00 +0000