Coldfusion

CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks

CISA Calls on Network Defenders to Take Action Against Adobe ColdFusion Vulnerability Risks

The Cybersecurity and Infrastructure Security Agency has issued an advisory concerning the exploitation of a vulnerability within select versions of the Adobe ColdFusion web application development platform that resulted in the compromise of two public-facing servers operated by a federal civilian executive branch agency. CISA said in its Dec. 5 cybersecurity advisory that each server was illegally accessed in two separate incidents in June, though it is not clear if the same malicious actors are behind both breaches. CISA documented the tactics, techniques and procedures that the malicious actors employed — including the implanting of software tools and the subsequent attempts to harvest user account credentials — and called on network defenders to monitor… Source link

Read More »

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Dec 06, 2023NewsroomVulnerability / Web Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said, adding an unnamed federal agency was targeted between June and July 2023. The shortcoming affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, respectively, released on March 14, 2023. It was added by CISA to the Known… Source link

Read More »