
Example Analysis of the Arbitrary Command Execution Vulnerability in Adobe ColdFusion

2025-04-01 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article analyzes the arbitrary command execution vulnerabilities in Adobe ColdFusion.

0x00 Event description

The security update that Adobe released for ColdFusion on September 12, 2017 describes serious deserialization vulnerabilities in earlier versions (CVE-2017-11283, CVE-2017-11284) that can lead to remote code execution. An installation may be affected when the Flex integration service is used to enable Remote Adobe LiveCycle Data Management access. Enabling this feature starts the RMI service, which listens on port 1099. The version of Java bundled with ColdFusion is too old to verify the object types in an RMI request before deserializing them.

360CERT has analyzed and verified the vulnerability and confirmed that it exists. Please apply the update as soon as possible.

0x01 Affected versions

1. ColdFusion (2016 release) Update 4 and previous versions

2. ColdFusion 11 Update 12 and previous versions

0x02 Verification of vulnerability exploitation

Send the constructed payload to the RMI service for a simple remote code execution verification.

0x03 Remediation

1. Disable Remote Adobe LiveCycle Data Management access on the administration page

2. Upgrade to the latest patch: ColdFusion (2016 release) Update 5 or ColdFusion 11 Update 13
