Weekly Comments

26 February - 5 March 2019

Adobe has issued an emergency patch for a critical vulnerability (CVE-2019-7816) in the Adobe ColdFusion web application development platform that is being exploited in the wild. A remote attacker with the ability to upload executable code to a web-accessible directory can execute the uploaded code via an HTTP request. ColdFusion 2018 (update 2 and earlier), ColdFusion 2016 (update 9 and earlier), and ColdFusion 11 (update 17 and earlier) are susceptible to the attacks. System administrators should upgrade to the latest ColdFusion version to mitigate potential attacks. If patching is not possible, administrators can mitigate the attacks by restricting requests to directories that store uploaded files.
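
As an added example (not taken from Adobe's advisory or from this bulletin), the Python script below reviews web access logs for requests that resolve to executable templates inside upload directories, which is the request pattern the mitigation above is meant to block. The directory names, the extension list and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumptions for this example: adjust both tuples to the deployment under review.
UPLOAD_DIRS = ("/uploads/", "/userfiles/")
EXEC_EXTS = (".cfm", ".cfml", ".cfc", ".jsp")

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Return the decoded, lower-cased request path without the query string."""
    path = urlsplit(target).path
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    return re.sub(r"/+", "/", path.replace("\\", "/").lower())

def is_executable_in_upload_dir(target):
    """True if any path segment below an upload directory has an executable extension."""
    path = normalize(target)
    hit = next((d for d in UPLOAD_DIRS if d in path), None)
    if hit is None:
        return False
    # Check every segment, not only the last: trailing path info ("x.cfm/extra")
    # and path parameters ("x.jsp;v=1") may still be routed to the script handler.
    for seg in path.split(hit, 1)[1].split("/"):
        if seg.split(";", 1)[0].rstrip(". ").endswith(EXEC_EXTS):
            return True
    return False

def scan(lines):
    """Return (client, time, method, target, status) for each flagged request."""
    matches = (LOG_RE.match(line) for line in lines)
    return [m.groups() for m in matches if m and is_executable_in_upload_dir(m.group(4))]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2019:10:00:01 +0000] "POST /app/upload.cfm HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Mar/2019:10:00:05 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 48211',
    '203.0.113.7 - - [01/Mar/2019:10:00:09 +0000] "GET /uploads/avatar.CFM?x=1 HTTP/1.1" 200 95',
    '198.51.100.4 - - [01/Mar/2019:10:02:00 +0000] "GET /UserFiles/img/a%2Ejsp;v=1 HTTP/1.1" 404 0',
    '198.51.100.4 - - [01/Mar/2019:10:03:00 +0000] "GET /uploads/note.cfm/extra HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for client, when, method, target, status in scan(SAMPLE):
        print(f"{when} {client} {method} {target} -> {status}")
```

A flagged request that returned status 200 deserves the closest look, since it indicates the server handled a script path inside a directory that should only serve static uploads.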

References:
[1] Security updates available for ColdFusion | APSB19-14