Fortinet has observed significant threat exploitation targeting Adobe ColdFusion, a web development computing platform.
This is despite a series of security updates (APSB23-40, APSB23-41, and APSB23-47) released by Adobe in July following reports of several critical vulnerabilities in its platform.
Since those updates, however, Fortinet’s FortiGuard Labs IPS telemetry data has continued to detect numerous efforts to exploit one of these vulnerabilities, the deserialization of untrusted data by the Web Distributed Data eXchange (WDDX) data that forms part of some requests to ColdFusion.
This vulnerability is critical because it poses a significant risk of arbitrary code execution.
The observed attacks include probing, using an interactsh tool that can generate specific domain…
Source link