Critical code execution vulnerability fixed in Adobe ColdFusion

March 23, 2021 by bartez64

Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018.

Today’s emergency updates patch an arbitrary code execution flaw caused by improper input validation.

Adobe released ColdFusion 2016 Update 17, ColdFusion 2018 Update 11, and ColdFusion 2021 Update 1 to patch the vulnerability and said that all versions prior to these updates are vulnerable to attacks.

Updates to latest JDK also required to secure servers

In the security bulletin published today, Adobe tagged the vulnerability tracked as CVE-2021-21087 with “priority rating 2,” assigned to flaws with no known exploits affecting products that have historically been at elevated risk.

Adobe recommends administrators install the security updates as soon as possible and apply the security configuration settings outlined in the ColdFusion 2021, ColdFusion 2018, and ColdFusion 2016 lockdown guides.

“Adobe recommends updating your ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11,” the company also said.

“Applying the ColdFusion update without a corresponding JDK update will NOT secure the server.”

More details on how to apply these updates are available in the relevant Tech Notes linked in the table embedded below.

Product         | Vulnerable versions            | Updated version | Platform | Availability
----------------|--------------------------------|-----------------|----------|-------------
ColdFusion 2016 | Update 16 and earlier versions | Update 17       | All      | Tech note
ColdFusion 2018 | Update 10 and earlier versions | Update 11       | All      | Tech note
ColdFusion 2021 | Version 2021.0.0.323925        | Update 1        | All      | Tech note

The US National Security Agency (NSA) has listed CVE-2018-4939 (an Adobe ColdFusion 14 bug) as one of the top 25 vulnerabilities used by Chinese state-sponsored or financially-motivated hackers to exploit public-facing servers.

For instance, in November 2018, China-backed hackers took over ColdFusion servers by deploying China Chopper backdoors after exploiting a bug tracked as CVE-2018-15961 and patched two months before.

Chinese-speaking cybercrime group Rocke was also observed earlier that year dropping cryptomining malware on Internet-exposed Adobe ColdFusion servers left unpatched against similar bugs.

Another ColdFusion vulnerability, CVE-2018-15961, was included by the NSA in the list of most exploited bugs for deploying web shells on vulnerable servers.
