2 matches found
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
During my research into the Java Remote Method Invocation RMI protocol, the most common RMI service that I came across was Adobe ColdFusion’s Flex integration service which is used to support integration between Flash applications and ColdFusion components. A quick look at this service led to the...
CVE-2017-11238
The connected material confirms CVE-2017-11238 is a Java deserialization vulnerability in Adobe ColdFusion’s Flex Integration service (DataServicesCFProxy) exposed via an RMI interface. The flaw allows arbitrary Java objects to be deserialized over the network, enabling remote code execution when...