High Threat Security Alert (A19-03-01): Vulnerability in Adobe ColdFusion


 

Published on: 04 March 2019

  
  

Description:

Adobe released a security update to address a “File Upload Restriction Bypass” vulnerability in ColdFusion. A remote attacker could upload a specially crafted file to a web-accessible directory and send a malicious HTTP request to exploit the vulnerability.

Reports indicate that the vulnerability (CVE-2019-7816) is being exploited in the wild. Users are advised to take immediate action to patch the affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • ColdFusion 2018 Update 2 and earlier versions
  • ColdFusion 2016 Update 9 and earlier versions
  • ColdFusion 11 Update 17 and earlier versions

 

Impact:

A successful exploitation could lead to arbitrary code execution on an affected system.

 

Recommendation:

Upgrade Adobe ColdFusion to the following versions to address the issue.

  • ColdFusion 2018 Update 3
    https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-3.html

  • ColdFusion 2016 Update 10
    https://helpx.adobe.com/in/coldfusion/kb/coldfusion-2016-update-10.html

  • ColdFusion 11 Update 18
    https://helpx.adobe.com/in/coldfusion/kb/coldfusion-11-update-18.html

 

More Information:

https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html
https://www.hkcert.org/my_url/en/alert/19030401
https://www.us-cert.gov/ncas/current-activity/2019/03/01/Adobe-Releases-Security-Updates-ColdFusion
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7816

 



Tag: Adobe , ColdFusion
Tags