Recently patched Adobe ColdFusion bug exploited by Chinese APT

A suspected Chines APT group exploited the recently patched ColdFusion vulnerability in the wild by compromising a vulnerable ColdFusion server after directly uploading a China Chopper webshell.

The targeted servers hadn’t been updated with the patch released just two weeks earlier.

Volexity researchers observed the active exploitation of the newly patched CVE-2018-15961 flaw, a critical unrestricted file upload bug that could also lead to arbitrary code-execution, in Adobe ColdFusion, despite there being no public details or proof-of-concept code exists, according to a Nov. 8 blog post.

“The recent Adobe ColdFusion flaw that has been exploited recently is another example of how quickly malicious actors are to take advantage of recently-patched vulnerabilities,” Justin Jett,…

Source link

About coldfusion

Check Also

Tellenger Announces Successful –

FAIRFAX, Va., June 23, 2022 (GLOBE NEWSWIRE) — Tellenger Inc., a subsidiary of WaveDancer, Inc., …

Leave a Reply

Your email address will not be published.