tracker issue : CF-4205457

select a category, or use search below
(searches all categories and all time range)

Hotfix Adobe ColdFusion CVE-2019-8072 broke REST

| View in Tracker

Status/Resolution/Reason: To Fix//BugVerified

Reporter/Name(from Bugbase): Owen B. / ()

Created: 10/17/2019

Components: REST Services

Versions: 2016

Failure Type:

Found In Build/Fixed In Build: ColdFusion Edition: 2016,0,12,315717 /

Priority/Frequency: Normal /

Locale/System: / Win 2012 Server x64

Vote Count: 0

Problem Description: I applied the Adobe ColdFusion CVE-2019-8072 hotfix (no other changes) and now REST services are breaking. In CF Admin, when I click on the service, I get Tomcat error: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986.  Also calls to service in CF code throw 500 errors.

Steps to Reproduce:Apply Adobe ColdFusion CVE-2019-8072 patch. In CF Admin click on existing REST or create a new one, then click on it, or call it in CF code.

Actual Result:

Expected Result:

Any Workarounds: