|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-10-09 | |
| Rule Name: | Adobe ColdFusion DataServicesCFProxy Commons BeanUtils Insecure Deserialization Vulnerability(CVE-2018-15959) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |
| Impact: | Adobe ColdFusion is prone to multiple remote code execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. | |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
| Reference: | SecurityTrackerID:1041621 SecurityFocusBID:105313 AdobeSecurityBulletins:apsb18-33 https://vuldb.com/?id.120031 |
|
| Solutions |
|---|
| Applying the patch 11 Update 15/2016 Update 7/2018 Update 1 is able to eliminate this problem. |