{"id":8785,"date":"2019-03-04T07:53:46","date_gmt":"2019-03-04T06:53:46","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=8785"},"modified":"2024-10-03T00:36:14","modified_gmt":"2024-10-02T22:36:14","slug":"urgent-adobe-coldfusion-security-update","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/03\/04\/urgent-adobe-coldfusion-security-update\/","title":{"rendered":"Urgent Adobe ColdFusion security update"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/web.archive.org\/web\/20240104003610\/https:\/\/www.borncity.com\/blog\/2019\/03\/04\/adobe-coldfusion-dringend-patchen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Adobe ColdFusion users should update to the latest version immediately. Adobe has released a security update that closes a critical vulnerability that is already being exploited. <\/p>\n<p><!--more--><\/p>\n<p>The emergency update, which addresses a critical vulnerability in the ColdFusion web app development platform, was released on March 1, 2019. <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">Updated: \"Urgent <a href=\"https:\/\/twitter.com\/hashtag\/ColdFusion?src=hash&amp;ref_src=twsrc%5Etfw\">#ColdFusion<\/a> security update released March 1 2019, for CF11\/2016\/2018, Part 1\" <a href=\"https:\/\/t.co\/hmBVFOeZxY\">https:\/\/t.co\/hmBVFOeZxY<\/a> (more details)<\/p>\n<p>\u2014 Charlie Arehart (@carehart) <a href=\"https:\/\/twitter.com\/carehart\/status\/1101906289712611329?ref_src=twsrc%5Etfw\">March 2, 2019<\/a><\/p><\/blockquote>\n<p><span id=\"preserve5108d83a1c784885ac4e7a3eb802bdc0\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span>  <\/p>\n<p>The vulnerability can lead to arbitrary code execution and is already being exploited. The security issue allows an attacker to bypass restrictions on uploading files. To take advantage of this, the attacker must be able to upload executable code to a directory of files on a web server. The code can then be executed via an HTTP request, says Adobe in its security bulletin <a href=\"https:\/\/helpx.adobe.com\/security\/products\/coldfusion\/apsb19-14.html\" target=\"_blank\" rel=\"noopener noreferrer\">APSB 19-14<\/a>. All versions of ColdFusion that do not have the latest updates are affected by the vulnerability (<a href=\"https:\/\/helpx.adobe.com\/security\/products\/coldfusion\/apsb19-14.html\">CVE-2019-7816<\/a>), regardless of the platform. <\/p>\n<p>Charlie Arehart, an independent consultant responsible for reporting the vulnerability, told <a href=\"https:\/\/web.archive.org\/web\/20190401194009\/https:\/\/www.bleepingcomputer.com\/news\/security\/update-coldfusion-now-critical-zero-day-bug-exploited-in-the-wild\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a> that he discovered the bug when it was deployed against one of his clients and he analyzed the attack. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Adobe ColdFusion users should update to the latest version immediately. 
Adobe has released a security update that closes a critical vulnerability that is already being exploited.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[69,195],"class_list":["post-8785","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=8785"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8785\/revisions"}],"predecessor-version":[{"id":35360,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8785\/revisions\/35360"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=8785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=8785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=8785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}