Adobe Patches Actively Exploited ColdFusion Zero-Day Flaw

Adobe Systems released an emergency update for the ColdFusion application server to fix a critical remote code execution that’s already being exploited by attackers.

The vulnerability, tracked as CVE-2019-7816, is located in the upload functionality and is described as an upload restriction bypass. Attackers can exploit the flaw to upload executable code to a web-accessible directory and then execute it via an HTTP request.

The flaw affects ColdFusion 11, 2016 and 2018 and successful exploitation results in arbitrary code execution with the privileges of the ColdFusion service.

In addition to patching the flaw, Adobe has made several changes that can help mitigate this issue. It introduced a new application setting called blockedExtForFileUpload, added a new server option called…

Source link

About coldfusion

Check Also

Department of Energy To Revisit Cold Fusion – Space Daily

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *