
12 matches found

CISA KEV Catalog
added 2025/02/24 12:0 a.m., 20 views

Adobe ColdFusion Deserialization Vulnerability

Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution...

10 CVSS, 7.5 AI score, 0.93684 EPSS
In wild, Exploits 6
OSV
added 2017/12/28 3:29 p.m., 2 views

CVE-2017-5641

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

9.8 CVSS, 6 AI score
Exploits 0, References 8
NVD
added 2017/04/27 2:59 p.m., 24 views

CVE-2017-3066

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution...

10 CVSS, 9.7 AI score, 0.93684 EPSS
Exploits 6, References 5
Prion
added 2017/04/27 2:59 p.m., 27 views

Deserialization of untrusted data

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution...

10 CVSS, 9.5 AI score, 0.93684 EPSS
Exploits 6, References 4, Affected Software 1
CVE
added 2017/04/27 2:0 p.m., 257 views

CVE-2017-3066

CVE-2017-3066 is an Adobe ColdFusion deserialization vulnerability in the Apache BlazeDS library. Affected products include ColdFusion 2016 Update 3 and earlier, ColdFusion 11 Update 11 and earlier, and ColdFusion 10 Update 22 and earlier. The flaw stems from Java deserialization of BlazeDS objec...

10 CVSS, 9.5 AI score, 0.93684 EPSS
In wild, Exploits 6, References 5, Affected Software 1
Vulnrichment
added 2017/04/27 2:0 p.m., 13 views

CVE-2017-3066

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution...

9.6 AI score, 0.93684 EPSS
Exploits 6, References 4
Cvelist
added 2017/04/27 2:0 p.m., 28 views

CVE-2017-3066

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution...

9.7 AI score, 0.93684 EPSS
Exploits 6, References 4
ATTACKERKB
added 2017/04/27 12:0 a.m., 44 views

CVE-2017-3066

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution. Recent assessments: Assessed Attacker Value...

10 CVSS, 9.1 AI score, 0.93684 EPSS
In wild, Exploits 6, References 6
ThreatPost
added 2017/04/25 12:36 p.m., 40 views

ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs

Adobe today released an important security hotfix for several versions of its ColdFusion rapid web application development platform. The company said the update addresses an input validation vulnerability (CVE-2017-3008) in the software that could be used in reflected cross-site scripting (XSS)...

4.3 CVSS, 2.1 AI score, 0.00891 EPSS
Exploits 0, References 8
Tenable Nessus
added 2017/04/25 12:0 a.m., 129 views

Adobe ColdFusion 10.x < 10u23 / 11.x < 11u12 / 2016.x < 2016u4 Multiple Vulnerabilities (APSB17-14)

The version of Adobe ColdFusion running on the remote Windows host is 10.x prior to update 23, 11.x prior to update 12, 2016.x prior to update 4. It is, therefore, affected by multiple vulnerabilities: - A reflected cross-site scripting (XSS) vulnerability exists due to improper validation of...

10 CVSS, 8.3 AI score, 0.93684 EPSS
Exploits 6, References 3
Adobe
added 2017/04/25 12:0 a.m., 55 views

APSB17-14 Security update available for ColdFusion

Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an updated version of Apache BlazeDS to mitigate...

10 CVSS, 3.7 AI score, 0.93684 EPSS
Exploits 6
Adobe
added 2015/11/17 12:0 a.m., 41 views

APSB15-30 Security update available for LiveCycle Data Services

Adobe has released a security update for LiveCycle Data Services. This update includes an updated version of Apache™ BlazeDS that resolves an important server-side request forgery vulnerability. Adobe recommends users apply the available updates using the instructions provided in the "Solution"...

4.3 CVSS, 4.7 AI score, 0.02902 EPSS
Exploits 1, Affected Software 1