Earlier this month, Adobe urgently patched ColdFusion security vulnerabilities that had been exploited by hackers. ColdFusion is a commercial rapid web application development platform.
This vulnerability, tracked as CVE-2019-7816, allows hackers to execute arbitrary code and is therefore rated as a significant threat. Adobe urges users to patch it as soon as possible.
According to Adobe's advisory, the vulnerability allows hackers to bypass file upload restrictions, upload executable files to a directory on the web server, and then execute those malicious files with HTTP requests.
This vulnerability affects ColdFusion 11, ColdFusion 2016 and ColdFusion 2018. Adobe's routine security updates follow the same schedule as Microsoft's, the second Tuesday of each month, so the March update was due on March 12. However, this vulnerability can be exploited remotely and has already been used by hackers, so Adobe issued an emergency update ahead of schedule. In addition, users are advised to apply the security configuration settings. No technical skill is required. The necessary information is in the platform's lockdown guides and on the ColdFusion security page.
If you have not been able to apply the update, you can restrict requests to the directories where uploaded files are stored, which effectively stops the attack. To prevent attacks, be more cautious online: don't click on links, ads, folders or programs from unknown sources.
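To check whether the upload directories are being requested in the way described above, the following added example (not from Adobe or the original article) scans web server access log lines for requests to server-executable file types under upload storage directories. The directory prefixes, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumptions (not from the article): the upload directory prefixes and the
# list of extensions the server would execute. Adjust both to your site.
UPLOAD_PREFIXES = ("/uploads/", "/userfiles/")
EXECUTABLE_EXTS = (".cfm", ".cfml", ".cfc", ".jsp", ".jspx")

# Common/combined log format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2019:10:02:11 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2019:10:02:15 +0000] "GET /uploads/x.jsp?a=1 HTTP/1.1" 200 87',
    '198.51.100.4 - - [01/Mar/2019:10:05:40 +0000] "GET /uploads/img/..%2Fy.CFM;v=1 HTTP/1.1" 403 0',
    '192.0.2.9 - - [01/Mar/2019:10:06:02 +0000] "GET /index.cfm HTTP/1.1" 200 4096',
]

def normalize_path(target):
    """Drop the query, decode %xx, lowercase, strip ';params', resolve '..'."""
    path = unquote(urlsplit(target).path).lower().replace("\\", "/")
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    return posixpath.normpath(re.sub(r"/{2,}", "/", path))

def is_suspicious(target):
    """True if the request targets an executable file type in an upload directory."""
    path = normalize_path(target)
    if not path.startswith(UPLOAD_PREFIXES):
        return False
    # Check every segment: "/uploads/a.cfm/extra" still reaches a.cfm.
    return any(seg.endswith(EXECUTABLE_EXTS) for seg in path.split("/"))

def find_hits(lines):
    """Return (ip, time, method, target, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m["target"]):
            hits.append((m["ip"], m["time"], m["method"], m["target"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status means the server served or executed the file and needs investigation first. A 403 or 404 suggests the request restriction on the upload directory is working.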
Published by Emerson L. Sullivan & last updated on March 8, 2019 6:53 am