Tag

Coldfusion

All articles tagged with #coldfusion

Government Servers Breached by Hackers Exploiting Adobe ColdFusion Vulnerability

Originally Published 2 years ago — by The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. The vulnerability, CVE-2023-26360, allows for arbitrary code execution and affects outdated versions of ColdFusion 2018 and ColdFusion 2021. At least two public-facing servers were compromised, and the attackers were able to drop malware and perform reconnaissance activities. No data exfiltration has been observed, but the threat actors attempted to decrypt passwords using the seed values found in the ColdFusion seed.properties file.

business cybersecurity coldfusion cybersecurity federal-agency server-breach threat-actors vulnerability

"Adobe Issues Urgent Warning on Exploited ColdFusion RCE Bug"

Originally Published 2 years ago — by BleepingComputer

Adobe has issued a warning about a critical pre-authentication remote code execution (RCE) vulnerability, CVE-2023-29300, in ColdFusion that is actively being exploited in attacks. The vulnerability allows unauthenticated visitors to execute commands on vulnerable ColdFusion servers. Although initially not exploited in the wild, Adobe has confirmed limited attacks. The details of the exploitation are unknown, but a proof-of-concept exploit has been published. Adobe recommends upgrading to the latest version of ColdFusion to patch the vulnerability, while researchers warn that it can be combined with another vulnerability, CVE-2023-29298, to bypass lockdown mode. Adobe has not yet responded to inquiries about the active exploitation.

technology cybersecurity adobe coldfusion cybersecurity exploited-attacks patch rce-vulnerability