Urgent Adobe ColdFusion security update

Adobe ColdFusion users should update to the latest version immediately. Adobe has released a security update that closes a critical vulnerability that is already being exploited.



The emergency update, which addresses a critical vulnerability in the ColdFusion web app development platform, was released on March 1, 2019.

The vulnerability can lead to arbitrary code execution and is already being exploited. The security issue allows an attacker to bypass restrictions on uploading files. To take advantage of this, the attacker must be able to upload executable code to a file directory on a web server. The code can then be executed via an HTTP request, says Adobe in its security bulletin APSB 19-14. All versions of ColdFusion that do not have the latest updates are affected by the vulnerability (CVE-2019-7816), regardless of the platform.
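
As an added example (not from Adobe's bulletin or the original post), the following Python code flags access-log requests that execute a script file located under an upload directory, which is the request pattern described above. The upload URL prefixes, the list of executable extensions and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumptions (not from the bulletin): these URL prefixes map to directories
# that accept uploads, and these extensions are executed by the server.
UPLOAD_PREFIXES = ("/uploads/", "/userfiles/")
EXEC_EXTENSIONS = (".cfm", ".cfml", ".cfc", ".jsp")

# Common/combined log format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Decode the request target and strip query, ;params and repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r";[^/]*", "", path)   # drop ;jsessionid=... style parameters
    path = re.sub(r"/{2,}", "/", path)   # collapse duplicate slashes
    return path.lower()                  # compare case-insensitively

def executes_script(path):
    """True if any segment ends in an executable extension (catches /x.cfm/extra)."""
    return any(seg.endswith(EXEC_EXTENSIONS) for seg in path.split("/"))

def find_upload_exec_requests(lines):
    """Return (ip, method, path, status) for script requests under upload dirs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = normalize_path(m.group("target"))
        if path.startswith(UPLOAD_PREFIXES) and executes_script(path):
            hits.append((m.group("ip"), m.group("method"), path, int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2019:10:00:01 +0000] "POST /app/upload.cfm HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2019:10:00:05 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 20480',
    '198.51.100.7 - - [01/Mar/2019:10:00:09 +0000] "GET /Uploads/a%2Ecfm?x=1 HTTP/1.1" 200 64',
    '203.0.113.9 - - [01/Mar/2019:10:02:00 +0000] "GET /userfiles/b.jsp;jsessionid=1/info HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_upload_exec_requests(SAMPLE_LOG):
        print(hit)
```

Any hit deserves review regardless of status code: a 200 means a script in an upload directory ran, while a 404 or 403 can still indicate probing.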

Charlie Arehart, an independent consultant responsible for reporting the vulnerability, told Bleeping Computer that he discovered the bug when it was used against one of his clients and he analyzed the attack.

