Unpatched ColdFusion servers under attack

Threat actors are attacking unpatched Adobe ColdFusion servers after reverse engineering an Adobe patch released in September. 

According to a ZDNet report, the cyber attacks started in late September and have been targeting ColdFusion servers not updated with the Adobe patches released a couple of weeks before, on September 11.

The hackers are targeting a critical unrestricted file upload vulnerability (CVE-2018-15961) that could lead to remote code execution.

The vulnerability was patched as part of Adobe’s ColdFusion security advisory APSB18-33.
