Adobe ColdFusion Zero-day Vulnerability

What is the Adobe ColdFusion Zero-day?

Recently, Adobe released a patch for the Adobe ColdFusion zero-day, which affects the following versions:

  • ColdFusion 11
  • ColdFusion 2016
  • ColdFusion 2018

The vulnerability has been assigned CVE-2019-7816. It is a file-upload restriction bypass in the affected versions.

The vulnerability was found by the following five (5) researchers:

  • Charlie Arehart
  • Moshe Ruzin
  • Josh Ford
  • Jason Solarek
  • Bridge Catalog Team

You can read further details about this vulnerability here

Recommendation

Administrators of vulnerable Adobe systems need to install the update immediately, as suggested by Adobe, because the impact of the vulnerability on the system can be considered high.

Adobe has released patches for the vulnerable systems as follows:

  • ColdFusion 11 (updated version: Update 3)
  • ColdFusion 2016 (updated version: Update 10)
  • ColdFusion 2018 (updated version: Update 18)

For those who are not familiar with the update naming, you can read as mentioned below:

Source: Adobe Security Bulletin and Adobe releases out-of-band update to patch ColdFusion zero-day

Author: Wan Ariff

He brings with him more than 2 years of working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion lies in IT Security.
