CVE-2017-11283 Adobe Security Hotfix for ColdFusion (APSB17-30)

漏洞类别:Local

漏洞等级:

漏洞信息

Adobe ColdFusion is an application for developing Web sites.

Adobe has released security hotfixes for ColdFusion version 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting), External XML Entity (XXE) Reference and Deserialization of untrusted data.

Affected Versions:
ColdFusion (2016 release) Update 4 and earlier versions
ColdFusion 11 Update 12 and earlier versions

漏洞危害

Depending on the vulnerability being exploited, an unauthenticated, remote attacker could execution arbitrary Java or Javascript code or exploit XXE.

解决方案

The vendor has released a hotfix to patch this vulnerability. Please refer to APSB17-30 for detailed information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APSB17-30

Leave a Reply