Adobe ColdFusion Arbitrary Command Execution Vulnerability (CVE-2016-1114) (APSB16-16)
Release date:
Updated on:
Affected Systems:
Adobe ColdFusion <2016 Update 1
Adobe ColdFusion <11 Update 8
Adobe ColdFusion <10 Update 19
Description:
CVE (CAN) ID: CVE-2016-1114
Adobe ColdFusion is an application server for dynamic web applications.
Adobe ColdFusion 10 before Update 19, ColdFusion 11 before Update 8, and ColdFusion 2016 before Update 1 contain a security vulnerability. By sending crafted serialized Java objects, a remote attacker can exploit this vulnerability to execute arbitrary code.
<* Source: Adobe (PSIRT@adobe.com)
Link: https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html
*>
Suggestion:
Vendor patch:
Adobe
-----
Adobe has released a Security Bulletin (APSB16-16) and patches for this:
APSB16-16: Hotfixes available for ColdFusion
Link: https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html