Analysis & Insights

Weekly Comments

26 February - 5 March 2019

Adobe has issued an emergency patch for a critical vulnerability (CVE-2019-7816) in Adobe ColdFusion web application development platform that is being exploited in the wild.
Adobe has issued an emergency patch for a critical vulnerability (CVE-2019-7816) in Adobe ColdFusion web application development platform that is being exploited in the wild. A remote attacker with the ability to upload executable code to a web-accessible directory can execute the uploaded code via HTTP request. ColdFusion 2018 (update 2 and earlier), 2016 (update 9 and earlier), and ColdFusion 11 (update 17 and prior) are susceptible to the attacks. System administrators should upgrade to the latest ColdFusion version to mitigate against potential attacks. If patching is not possible, administrators can mitigate against the attacks by setting restrictions for requests to directories that store uploaded files. 

References:
[1] Security updates available for ColdFusion | APSB19-14<hxxps:></hxxps:>
 
 

More Weekly Cyber Newsanalysis and insights

Weekly Comments

26 February - 5 March 2019

Adobe has issued an emergency patch for a critical vulnerability (CVE-2019-7816) in Adobe ColdFusion web application development platform that is being exploited in the wild.
Adobe has issued an emergency patch for a critical vulnerability (CVE-2019-7816) in Adobe ColdFusion web application development platform that is being exploited in the wild. A remote attacker with the ability to upload executable code to a web-accessible directory can execute the uploaded code via HTTP request. ColdFusion 2018 (update 2 and earlier), 2016 (update 9 and earlier), and ColdFusion 11 (update 17 and prior) are susceptible to the attacks. System administrators should upgrade to the latest ColdFusion version to mitigate against potential attacks. If patching is not possible, administrators can mitigate against the attacks by setting restrictions for requests to directories that store uploaded files. 

References:
[1] Security updates available for ColdFusion | APSB19-14<hxxps:></hxxps:>
 
 

More Weekly Cyber Newsanalysis and insights