Adobe ColdFusion CVE-2019-7091 Arbitrary Code Execution Vulnerability
BID:106968
Info
Adobe ColdFusion CVE-2019-7091 Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 106968 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2019-7091 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | Wang Cheng of Venustech ADLab |
| Vulnerable: |
Adobe ColdFusion 2018.0 Update 1 Adobe ColdFusion 2016.0 Update 7 Adobe ColdFusion 2016.0 Update 6 Adobe ColdFusion 2016.0 Update 5 Adobe ColdFusion 2016.0 Update 4 Adobe ColdFusion 2016.0 Update 3 Adobe ColdFusion 2016.0 Update 2 Adobe ColdFusion 2016.0 Update 1 Adobe ColdFusion 2016.0 Adobe ColdFusion 11 Update 9 Adobe ColdFusion 11 Update 8 Adobe ColdFusion 11 Update 7 Adobe ColdFusion 11 Update 6 Adobe ColdFusion 11 Update 5 Adobe ColdFusion 11 Update 4 Adobe ColdFusion 11 Update 3 Adobe ColdFusion 11 Update 2 Adobe ColdFusion 11 Update 15 Adobe ColdFusion 11 Update 14 Adobe ColdFusion 11 Update 13 Adobe ColdFusion 11 Update 12 Adobe ColdFusion 11 Update 11 Adobe ColdFusion 11 Update 10 Adobe ColdFusion 11 Update 1 Adobe ColdFusion 11 |
| Not Vulnerable: |
Adobe ColdFusion 2018.0 Update 2 Adobe ColdFusion 2016.0 Update 8 Adobe ColdFusion 11 Update 16 |
Discussion
Adobe ColdFusion CVE-2019-7091 Arbitrary Code Execution Vulnerability
Adobe Digital Editions is prone to an unspecified arbitrary code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
The following versions are affected:
ColdFusion 2018 Update 1 and prior versions.
ColdFusion 2016 Update 7 and prior versions.
ColdFusion 11 Update 15 and prior versions.
Adobe Digital Editions is prone to an unspecified arbitrary code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
The following versions are affected:
ColdFusion 2018 Update 1 and prior versions.
ColdFusion 2016 Update 7 and prior versions.
ColdFusion 11 Update 15 and prior versions.
Exploit / POC
Adobe ColdFusion CVE-2019-7091 Arbitrary Code Execution Vulnerability
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Adobe ColdFusion CVE-2019-7091 Arbitrary Code Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Adobe ColdFusion CVE-2019-7091 Arbitrary Code Execution Vulnerability
References:
References:
- Adobe Homepage (Adobe)
- APSB19-10: Security updates available for ColdFusion (Adobe)