2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article analyzes an arbitrary command execution vulnerability in Adobe ColdFusion.
0x00 Event description
The Adobe ColdFusion security update released on September 12, 2017 mentions serious deserialization vulnerabilities in previous versions (CVE-2017-11283, CVE-2017-11284) that could lead to remote code execution. An installation may be affected when Remote Adobe LiveCycle Data Management access is enabled through the Flex integration service. Enabling this feature starts the RMI service, which listens on port 1099. The version of Java bundled with ColdFusion is too old to validate the object types in an RMI request before deserialization.
360CERT has analyzed and verified the issue and confirms that the vulnerability exists. Please apply the update as soon as possible.
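The following is an added example, not code from the original article or from Adobe, showing what validating object types before deserialization looks like on a Java release that supports serialization filtering. `FilterDemo` and `Request` are hypothetical names; the API used is `java.io.ObjectInputFilter`, which requires Java 9 or later.

```java
import java.io.*;
import java.util.HashMap;

// Added illustration, not ColdFusion or Adobe code. Needs Java 9+ (java.io.ObjectInputFilter, JEP 290).
public class FilterDemo {
    // Hypothetical message type that this endpoint is meant to receive.
    static class Request implements Serializable {
        private static final long serialVersionUID = 1L;
        final String op;
        Request(String op) { this.op = op; }
    }

    // Allowlist: the expected class and String pass, object graphs are capped in
    // depth, and the trailing "!*" rejects every other class.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            Request.class.getName() + ";java.lang.String;maxdepth=5;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // The filter sees each class descriptor in the stream before any object of
    // that class is instantiated; a REJECTED status aborts with InvalidClassException.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOWLIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Request ok = (Request) readFiltered(serialize(new Request("status")));
        System.out.println("accepted: Request op=" + ok.op);

        HashMap<String, String> unexpected = new HashMap<>();   // constructed sample of an unlisted type
        unexpected.put("k", "v");
        try {
            readFiltered(serialize(unexpected));
            System.out.println("unexpected type was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected before deserialization: " + e.getMessage());
        }
    }
}
```

Without a filter, `readObject()` instantiates whatever serializable class the sender names, which is the behaviour the paragraph above attributes to the bundled Java version.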
0x01 Affected versions
1. ColdFusion (2016 release) Update 4 and previous versions
2. ColdFusion 11 Update 12 and previous versions
0x02 Verification of vulnerability exploitation
Sending a constructed payload to the RMI service provides a simple verification of remote code execution.
0x03 Remediation
1. Disable Remote Adobe LiveCycle Data Management access on the administration page
2. Upgrade to the latest patch: ColdFusion (2016 release) Update 5 or ColdFusion 11 Update 13