Adobe ColdFusion BlazeDS Java Object Deserialisation RCE

Adobe ColdFusion is a commercial rapid web application development platform created by JJ Allaire in 1995. (The programming language used with that platform is also commonly called ColdFusion, though it is more accurately known as CFML.) ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By version 2 (1996), it had become a full platform that included an IDE in addition to a full scripting language.

Adobe ColdFusion, a commercial rapid web application development platform from Adobe, is affected by a Java deserialisation flaw in its Apache BlazeDS library: when BlazeDS deserialises untrusted Java objects, a remote attacker can achieve remote code execution on the server.
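
As an added example (not code from the page, Adobe or Apache BlazeDS), the following Python decodes the trait header of an AMF3 object, the wire format BlazeDS deserialises, and reports the Java class name the stream asks the server to instantiate, so a gateway filter can reject anything outside an allowlist before deserialisation proceeds. The allowlist and sample payloads are constructed, and com.example.UnexpectedExternalizable is a placeholder name.

```python
AMF3_OBJECT = 0x0A  # AMF3 type marker for an object value
# Constructed allowlist: the BlazeDS class named here is real, the policy itself is ours.
ALLOWLIST = frozenset({"flex.messaging.io.ArrayCollection"})

def read_u29(data: bytes, pos: int) -> tuple:
    """Decode an AMF3 U29 variable-length integer; return (value, next_pos)."""
    value = 0
    for _ in range(3):                     # first three bytes: 7 data bits + continuation bit
        b = data[pos]
        pos += 1
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            return value, pos
    return (value << 8) | data[pos], pos + 1   # fourth byte carries all 8 bits

def encode_u29(value: int) -> bytes:
    """Encode a U29 up to 2**21 - 1 (used only to build the constructed samples)."""
    if value < 0x80:
        return bytes([value])
    if value < 0x4000:
        return bytes([0x80 | (value >> 7), value & 0x7F])
    return bytes([0x80 | (value >> 14), 0x80 | ((value >> 7) & 0x7F), value & 0x7F])

def amf3_object_header(class_name: str, externalizable: bool) -> bytes:
    """Marker + inline traits (no sealed members) + class name, as a client would send them."""
    traits = 0b011 | (0b100 if externalizable else 0)
    name = class_name.encode("utf-8")
    return bytes([AMF3_OBJECT]) + encode_u29(traits) + encode_u29((len(name) << 1) | 1) + name

def inspect_amf3_object(payload: bytes, allowlist: frozenset) -> dict:
    """Decode the object header at offset 0 and decide whether the named class is acceptable."""
    if not payload or payload[0] != AMF3_OBJECT:
        raise ValueError("not an AMF3 object value")
    traits, pos = read_u29(payload, 1)
    if traits & 0b11 != 0b11:              # object or traits reference: no new class name here
        return {"class": None, "externalizable": False, "allowed": True}
    ref, pos = read_u29(payload, pos)
    if ref & 1 == 0:                       # string-table reference, resolved earlier in the stream
        return {"class": None, "externalizable": bool(traits & 0b100), "allowed": True}
    name = payload[pos:pos + (ref >> 1)].decode("utf-8")
    # Externalizable traits are the risky case: the server instantiates the named class
    # and hands it the remaining bytes, so an unexpected name must be rejected.
    return {"class": name or None, "externalizable": bool(traits & 0b100),
            "allowed": name == "" or name in allowlist}

# Constructed samples: a legitimate ArrayCollection and a placeholder unexpected class.
SAMPLE_OK = amf3_object_header("flex.messaging.io.ArrayCollection", True)
SAMPLE_BAD = amf3_object_header("com.example.UnexpectedExternalizable", True)
```

A production filter would also track the AMF3 string table so that a referenced class name is resolved rather than passed through.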

Affected Platforms

  • Adobe ColdFusion 2016 Update 3 and earlier
  • Adobe ColdFusion 11 update 11 and earlier
  • ColdFusion 10 Update 22 and earlier

Lab Environment

Security Patches: Upgrade to Adobe ColdFusion 10 Update 23, 11 Update 12, or 2016 Update 4 or later.



Speaker, Founder, and CEO — Global hack News | Latest Hacking News, IT Security News, and Cyber Security
