The Oracle security Alert CVE-2010-4476 affects ColdFusion versions 9.0.1, 9.0, 8.0.1, and 8.0.
Adobe recommends updating the Java (JDK/JRE) for all ColdFusion server versions as per Oracle’s Java update instructions. Information about the security vulnerability along with the fix is provided at the following link.
Oracle just released a Security Alert with a fix for the vulnerability CVE-2010-4476, which affects Oracle Java SE and Oracle Java For Business. This vulnerability is present in Java running on servers as well as standalone Java desktop applications. Its successful exploitation by a malicious attacker can result in a complete denial of service for the affected servers.