CVE-2017-3008 Adobe Security Hotfix for ColdFusion (APSB17-14)

漏洞类别:Local

漏洞等级:

漏洞信息

Adobe ColdFusion is an application for developing Web sites.

Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an updated version of Apache BlazeDS to mitigate java deserialization (CVE-2017-3066).

Affected Versions:
ColdFusion (2016 release) Update 3 and earlier versions
ColdFusion 11 Update 11 and earlier versions
ColdFusion 10 Update 22 and earlier versions

漏洞危害

Depending on the vulnerability being exploited, a remote attacker could execute arbitrary code or conduct cross-site scripting attacks against a targeted server.

解决方案

The vendor has released a hotfix to patch this vulnerability. Please refer to APSB17-14 for detailed information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APSB17-14: /windows/i

0day

发表评论