Hackers Actively Exploit Multiple Adobe ColdFusion Vulnerabilities

19 July 2023

The CVE-2023-29300 patch blocks specific class deserialization in ColdFusion’s WDDX data, preventing gadget-based attacks without breaking existing dependencies. The Project Discovery authors identified a functional gadget, leveraging com.sun.rowset.JdbcRowSetImpl can achieve remote code execution as it’s not on Adobe’s Denylist.

Source: GBHackers

Date:

19 July 2023

Categorie(s):

NEWS

Tag(s):

Adobe, Adobe ColdFusion, New, Security Pro, Vulnerability

Discord dismantles Spy.pet site that snooped on millions of users29 April 2024
Securing the future of IoT: Why attack surface management is key29 April 2024
No more 12345: devices with weak passwords to be banned in UK28 April 2024
20 Best Linux Password Managers in 202428 April 2024
Reliable Web App Pattern: Now Optimizes Azure Migration with Enhanced Infrastructure and Security28 April 2024