
WEEKLY COMMENTS

Adobe has issued an emergency patch for a critical vulnerability (CVE-2019-7816) in the Adobe ColdFusion web application development platform that is being exploited in the wild. A remote attacker who is able to upload executable code to a web-accessible directory can execute that code via an HTTP request. ColdFusion 2018 (update 2 and earlier), ColdFusion 2016 (update 9 and earlier), and ColdFusion 11 (update 17 and earlier) are susceptible to the attacks. System administrators should upgrade to the latest ColdFusion version to mitigate potential attacks. If patching is not possible, administrators can mitigate the attacks by restricting requests to directories that store uploaded files.
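One way to check whether the request restriction on upload directories is holding is to review web access logs for requests to server-executable files under those directories. The sketch below is an added example, not code from Adobe's bulletin or from this advisory; the upload prefixes, the extension list and the log lines are constructed assumptions to adapt to your own deployment.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): where uploads land and which
# extensions the application server would execute.
UPLOAD_PREFIXES = ("/uploads/", "/userfiles/")
EXEC_EXTENSIONS = (".cfm", ".cfml", ".cfc", ".jsp")

# Common/combined log format: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalize(target):
    """Canonicalize a request target before comparing it with the policy."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    path = re.sub(r"/+", "/", path)             # collapse repeated slashes
    return posixpath.normpath(path).lower()     # resolve ../ and ignore case

def is_exec_in_upload_dir(target):
    path = normalize(target)
    if not path.startswith(UPLOAD_PREFIXES):
        return False
    # Check every segment so trailing path info (/uploads/a.cfm/x) is caught;
    # trailing dots and spaces are stripped because Windows ignores them.
    return any(seg.rstrip(". ").endswith(EXEC_EXTENSIONS) for seg in path.split("/"))

def find_suspicious(lines):
    """Return one record per request for executable content in an upload dir."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_exec_in_upload_dir(m.group(4)):
            status = int(m.group(5))
            # served=True means the server answered instead of refusing.
            hits.append({"client": m.group(1), "time": m.group(2),
                         "target": m.group(4), "status": status,
                         "served": status < 400})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2019:10:00:01 +0800] "GET /index.cfm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2019:10:02:13 +0800] "POST /uploads/report.pdf HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Mar/2019:10:02:20 +0800] "GET /uploads/a.CFM?x=1 HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Mar/2019:10:02:31 +0800] "GET /static/../uploads/%61.cfm/info HTTP/1.1" 200 87',
    '203.0.113.5 - - [01/Mar/2019:10:05:00 +0800] "GET /uploads/photo.jpg HTTP/1.1" 200 20480',
    '203.0.113.9 - - [01/Mar/2019:10:06:00 +0800] "GET /userfiles/x.cfc HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Records with `served` set to true are the ones to investigate first; a 403 on the same kind of path indicates the restriction is being enforced.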

References:
[1] Security updates available for ColdFusion | APSB19-14

Ensign InfoSecurity Singapore