Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks – SecurityWeek
Critical Adobe ColdFusion flaws chained in ongoing cyber attacks
Two vulnerabilities in the Adobe ColdFusion platform are being actively exploited by threat actors in a series of cyber attacks, apparently after a proof of concept (PoC) for one of them was accidentally released to the public by researchers. The two vulnerabilities in question are CVE-2023-29298, an access control bypass flaw, and CVE-2023-38203, a remote code execution flaw, and together they seem to be being used to drop web shells on vulnerable ColdFusion instances in the service of enabling further attacks. However, according to Caitlin Condon of Rapid7, who has been tracking the vulnerabilities and posted new evidence detailing the exploit chain being used late on Monday 17 July, some confusion seems to have arisen over exactly what is going on. The background to the issue…
New Vulnerabilities Found in Adobe ColdFusion – Infosecurity Magazine
Multiple Adobe ColdFusion flaws exploited in the wild – TechTarget
Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203) – Help Net Security
Adobe Fixes Critical ColdFusion Flaw | Decipher – Duo Security
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Last updated at Thu, 10 Aug 2023 20:45:27 GMT
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments. The attacks our team has responded to thus far appear to be chaining CVE-2023-29298, a Rapid7-discovered access control bypass in ColdFusion that was disclosed on July 11, with an additional vulnerability. The behavior our teams are observing appears to be consistent with a zero-day exploit published (and then subsequently taken down) by Project Discovery circa July 12.
Background
On Tuesday, July 11, Adobe released fixes for several vulnerabilities affecting ColdFusion, including a Rapid7-discovered access control bypass vulnerability (CVE-2023-29298) that we disclosed…
Adobe patches critical ColdFusion, InDesign zero-day bugs – SC Media
Cold fusion is making a scientific comeback – Popular Science
Cold Fusion Energy Generation: A Game Changer for the Energy … – EnergyPortal.eu