|
|||
Rule General Information |
---|
Release Date: | 2018-10-09 | |
Rule Name: | Adobe ColdFusion DataServicesCFProxy Commons BeanUtils Insecure Deserialization Vulnerability(CVE-2018-15959) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |
Impact: | Adobe ColdFusion is prone to multiple remote code execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. | |
Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
Reference: | SecurityTrackerID:1041621 SecurityFocusBID:105313 AdobeSecurityBulletins:apsb18-33 https://vuldb.com/?id.120031 |
|
Solutions |
---|
Applying the patch 11 Update 15/2016 Update 7/2018 Update 1 is able to eliminate this problem. |