Critical Adobe ColdFusion flaws chained in ongoing cyber attacks

Critical Adobe ColdFusion flaws chained in ongoing cyber attacks

Two vulnerabilities in the Adobe ColdFusion platform are being actively exploited by threat actors in a series of cyber attacks, apparently after a proof of concept (PoC) for one of them was accidentally released to the public by researchers.

The two vulnerabilities in question are CVE-2023-29298, an access control bypass flaw, and CVE-2023-38203, a remote code execution flaw, and together they seem to be being used to drop web shells on vulnerable ColdFusion instances in the service of enabling further attacks.

However, according to Caitlin Condon of Rapid7, who has been tracking the vulnerabilities and posted new evidence detailing the exploit chain being used late on Monday 17 July, some confusion seems to have arisen over exactly what is going on.

The background to the issue…


Source link

About coldfusion

Check Also

Department of Energy To Revisit Cold Fusion – Space Daily

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *