Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-3066
HistoryApr 27, 2017 - 2:59 p.m.

CVE-2017-3066

2017-04-2714:59:00
CWE-502
[email protected]
web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.91 High

EPSS

Percentile

98.9%

JSON

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.

Affected configurations

NVD
Node
adobecoldfusionMatch10.0-
OR
adobecoldfusionMatch10.0update1
OR
adobecoldfusionMatch10.0update10
OR
adobecoldfusionMatch10.0update11
OR
adobecoldfusionMatch10.0update12
OR
adobecoldfusionMatch10.0update13
OR
adobecoldfusionMatch10.0update14
OR
adobecoldfusionMatch10.0update15
OR
adobecoldfusionMatch10.0update16
OR
adobecoldfusionMatch10.0update17
OR
adobecoldfusionMatch10.0update18
OR
adobecoldfusionMatch10.0update19
OR
adobecoldfusionMatch10.0update2
OR
adobecoldfusionMatch10.0update20
OR
adobecoldfusionMatch10.0update21
OR
adobecoldfusionMatch10.0update22
OR
adobecoldfusionMatch10.0update3
OR
adobecoldfusionMatch10.0update4
OR
adobecoldfusionMatch10.0update5
OR
adobecoldfusionMatch10.0update6
OR
adobecoldfusionMatch10.0update7
OR
adobecoldfusionMatch10.0update8
OR
adobecoldfusionMatch10.0update9
OR
adobecoldfusionMatch11.0-
OR
adobecoldfusionMatch11.0update1
OR
adobecoldfusionMatch11.0update10
OR
adobecoldfusionMatch11.0update11
OR
adobecoldfusionMatch11.0update2
OR
adobecoldfusionMatch11.0update3
OR
adobecoldfusionMatch11.0update4
OR
adobecoldfusionMatch11.0update5
OR
adobecoldfusionMatch11.0update6
OR
adobecoldfusionMatch11.0update7
OR
adobecoldfusionMatch11.0update8
OR
adobecoldfusionMatch11.0update9
OR
adobecoldfusionMatch2016-
OR
adobecoldfusionMatch2016update1
OR
adobecoldfusionMatch2016update2
OR
adobecoldfusionMatch2016update3

Related

cve 1
exploitpack 1
cvelist 1
attackerkb 1
ics 1
nessus 2
prion 1
zdt 1
packetstorm 1
exploitdb 1
talosblog 1
openvas 1
adobe 1
threatpost 1
seebug 1
impervablog 1
cve
cve
CVE-2017-3066
2017-04-27 14:59:00
exploitpack
exploitpack
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
2018-02-07 00:00:00
cvelist
cvelist
CVE-2017-3066
2017-04-27 14:00:00
attackerkb
attackerkb
CVE-2017-3066
2017-04-27 00:00:00
ics
ics
Publicly Available Tools Seen in Cyber Incidents Worldwide
2020-06-30 12:00:00
nessus
nessus
Adobe ColdFusion BlazeDS Java Object Deserialization RCE
2017-04-28 00:00:00
Adobe ColdFusion 10.x < 10u23 / 11.x < 11u12 / 2016.x < 2016u4 Multiple Vulnerabilities (APSB17-14)
2017-04-25 00:00:00
prion
prion
Deserialization of untrusted data
2017-04-27 14:59:00
zdt
zdt
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Exploit
2018-02-07 00:00:00
packetstorm
packetstorm
Adobe Coldfusion 11.0.03.292866 Remote Code Execution
2018-02-07 00:00:00
exploitdb
exploitdb
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
2018-02-07 00:00:00
talosblog
talosblog
Rocke: The Champion of Monero Miners
2018-08-30 08:26:00
openvas
openvas
Adobe ColdFusion Multiple Vulnerabilities (APSB17-14)
2017-04-26 00:00:00
adobe
adobe
APSB17-14 Security update available for ColdFusion
2017-04-25 00:00:00
threatpost
threatpost
New Threat Actor β€˜Rocke’: A Rising Monero Cryptomining Menace
2018-08-30 20:35:39
seebug
seebug
Adobe ColdFusion εεΊεˆ—εŒ–ζΌζ΄žοΌˆCVE-2017-3066οΌ‰
2018-03-30 00:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.91 High

EPSS

Percentile

98.9%

JSON
Related for NVD:CVE-2017-3066
cve1exploitpack1cvelist1attackerkb1ics1nessus2prion1zdt1packetstorm1exploitdb1talosblog1openvas1adobe1threatpost1seebug1impervablog1