Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Coldfusion | Adobe | 10.0 (including) | 10.0 (including) |
| Coldfusion | Adobe | 10.0-update1 (including) | 10.0-update1 (including) |
| Coldfusion | Adobe | 10.0-update2 (including) | 10.0-update2 (including) |
| Coldfusion | Adobe | 10.0-update3 (including) | 10.0-update3 (including) |
| Coldfusion | Adobe | 10.0-update4 (including) | 10.0-update4 (including) |
| Coldfusion | Adobe | 10.0-update8 (including) | 10.0-update8 (including) |