The Latest in IT Security

Adobe ColdFusion Vulnerability Exploited in the Wild

09
Nov
2018
Adobe ColdFusion Vulnerability Exploited in the Wild

adobe_sept_updates

The security hole in question is tracked as CVE-2018-15961 and it was resolved by Adobe in September with its Patch Tuesday updates. The vendor described the vulnerability as a critical unrestricted file upload bug that allows arbitrary code execution. This was one of the five flaws reported to Adobe by Pete Freitag of Foundeo.

The updates were initially assigned a priority rating of “2,” which indicates that exploitation is less likely. However, Adobe silently updated its advisory in late September after learning that CVE-2018-15961 had been actively exploited and assigned a priority rating of “1” for the ColdFusion 2018 and ColdFusion 2016 updates.

According to Volexity, which specializes in incident response, forensics and threat intelligence, there is no public exploit for the targeted ColdFusion vulnerability.

Read More

Leave a reply


Categories

TUESDAY, DECEMBER 11, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks