What is Adobe ColdFusion Zero-day?
Recently, Adobe have released an patch for the Adobe ColdFusion Zero-day for the following effected version:
- ColdFusion 11
- ColdFusion 2016
- ColdFusion 2018
The vulnerabilities been categorised as CVE-2019-7816, which is an vulnerabilities that related to file-upload restricted bypass on the effected version.
This vulnerabilities have been found by those five(5) researches such as follows:
- Charlie Arehart
- Moshe Ruzin
- Josh Ford
- Jason Solarek
- Bridge Catalog Team
You can read further details about this vulnerabilities here
The vulnerable adobe system need to install immediately by the administrator as suggested by Adobe. Due to the impact of the vulnerability can be consider as high rating to the system.
As a result, Adobe have release an patch for those vulnerable system such as follows:
- ColdFusion 11 ( Updated version to Update 3)
- ColdFusion 2016 ( Updated version to Update 10)
- ColdFusion 2018 ( Updated version to Update 18)
For those are not familiar with the update naming, you can read as mentioned below: