TTCSIRT-163.091318: TT-CSIRT Advisory – Adobe Security Updates
Adobe has released a security update stating that the following issues have been discovered in Adobe ColdFusion:
a) A security bypass vulnerability that could allow for arbitrary folder creation – (CVE-2018-15963).
b) A directory listing vulnerability that could allow for information disclosure – (CVE-2018-15962).
c) An unrestricted file upload vulnerability that could allow for arbitrary code execution – (CVE-2018-15961).
Successful exploitation of the most severe of these vulnerabilities could result in an attacker executing arbitrary code in the context of the affected application.
| Further information on these vulnerabilities and how they can be mitigated can be found on the Adobe Website at https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html |