Secure Profile Web Application Test
Adobe commissioned Neohapsis to perform a whitebox application assessment of the ColdFusion 11 Secure Profile access controls.
The paper contains a complete recitation of their findings. The findings summarize that ColdFusion 11 has no vulnerability when secure profile was enabled. Neohapsis did not identify any vulnerabilities in the secure profile or Secure & Production profile in ColdFusion 11 during the whitebox application assessment. Four configuration related vulnerability with ‘low severity’ were identified in the developer profile.