TTCSIRT-163.091318: TT-CSIRT Advisory – Adobe Security Updates

TTCSIRT-163.091318: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe ColdFusion:

a) A security bypass vulnerability that could allow for arbitrary folder creation – (CVE-2018-15963).

b) A directory listing vulnerability that could allow for information disclosure – (CVE-2018-15962).

c) An unrestricted file upload vulnerability that could allow for arbitrary code execution – (CVE-2018-15961).

Successful exploitation of the most severe of these vulnerabilities could result in an attacker executing arbitrary code in the context of the affected application.

Further information on these vulnerabilities and how they can be mitigated can be found on the Adobe Website at https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html