Recently patched Adobe ColdFusion bug exploited by Chinese APT

Recently patched Adobe ColdFusion bug exploited by Chinese APT

A suspected Chines APT group exploited the recently patched ColdFusion vulnerability in the wild by compromising a vulnerable ColdFusion server after directly uploading a China Chopper webshell.

The targeted servers hadn’t been updated with the patch released just two weeks earlier.

Volexity researchers observed the active exploitation of the newly patched CVE-2018-15961 flaw, a critical unrestricted file upload bug that could also lead to arbitrary code-execution, in Adobe ColdFusion, despite there being no public details or proof-of-concept code exists, according to a Nov. 8 blog post.

“The recent Adobe ColdFusion flaw that has been exploited recently is another example of how quickly malicious actors are to take advantage of recently-patched vulnerabilities,” Justin Jett,…


Source link

About coldfusion

Check Also

The History and Size of Microsoft | ColdFusion – MSN

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *