Shulou(Shulou.com)05/31 Report--

This article introduces how to analyze the vulnerabilities of Adobe ColdFusion RCE CVE-2019-7839. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

Brief introduction of vulnerabilities

Adobe ColdFusion is a commercial rapid development platform. It can be used as a development platform, can also provide Flash remote services or as a background server for Adobe Flex applications.

On June 11, 2019, Adobe issued a security bulletin [1], fixing a number of serious vulnerabilities in Adobe ColdFusion. There is a command injection vulnerability submitted by Moritz Bechler (CVE-2019-7839).

On June 26th, 2019, Moritz Bechler published some details of the remote code execution vulnerability (CVE-2019-7839) on Bugtraq [2]. Due to defects in the JNBridge component, ColdFusion turned on the JNBridge component by default, resulting in code execution vulnerabilities.

Vulnerability impact

ColdFusion 2018 Update 3 and previous versions

ColdFusion 2018 Update 10 and earlier

ColdFusion 11 Update 18 and previous versions

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.