Adobe.ColdFusion.CFFILE.Upload.Action.Unrestricted.File.Upload
Description
This indicates an attack attempt to exploit an Unrestricted File Upload vulnerability in Adobe ColdFusion.
A remote, unauthenticated attacker can exploit this vulnerability by uploading a malicious file to the target server (e.g., a .jspx file) via the upload.cfm script. Successful exploitation would lead to execution of arbitrary code in the security context of SYSTEM or root on the server.
Affected Products
Adobe Systems ColdFusion 11 prior to Update 19
Adobe Systems ColdFusion 2016 prior to Update 11
Adobe Systems ColdFusion 2018 prior to Update 4
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-11-05 | 14.717 | Sig Added |
2019-08-16 | 14.671 | Sig Added |
2019-06-27 | 14.640 | Default_action:pass:drop |
2019-06-19 | 14.635 |