Update ColdFusion Now, Critical Zero-Day Bug Exploited in the Wild

Adobe today released emergency updates that fix a critical vulnerability for the ColdFusion web app development platform. The bug can lead to arbitrary code execution and has been exploited in the wild.

The security issue allows an attacker to bypass restrictions for uploading files. To take advantage of it, the adversary has to be able to upload executable code to a directory of files on a web server. The code can then be executed via an HTTP request, Adobe says in its security bulletin.

Critical bug exploited

All ColdFusion versions that do not have the current updates are affected by the vulnerability (CVE-2019-7816), regardless of the platforms they are for.

Charlie Arehart, an independent consultant credited for reporting the vulnerability, told us that he discovered the bug…


Source link

About coldfusion

Check Also

TheServerHost Launched Korea, South Korea, Seoul VPS Server Hosting Plans with Linux and Windows OS

Best Korea VPS Server Hosting Provider TheServerHost offering Korean, South Korea High Performance, low cost …

Leave a Reply

Your email address will not be published.