5 matches found
CVE-2017-11283
CVE-2017-11283 is a Java deserialization flaw in Adobe ColdFusion's insecure handling of untrusted data (notably via DataServicesCFProxy). Affected: ColdFusion 2016 Update 4 and earlier; ColdFusion 11 Update 12 and earlier. The root cause is unsafe deserialization which could allow remote code ex...
CVE-2017-11283
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
Adobe ColdFusion DataServicesCFProxy Insecure Deserialization (CVE-2017-11283)
An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation by the DataServicesCFProxy. A successful attack could lead to a remote code execution...
Adobe ColdFusion arbitrary command execution flaws vulnerability 0day(CVE–2017–11283, CVE–2017–11284)early warning-vulnerability warning-the black bar safety net
Adobe ColdFusion in 2017 9 November 12 released a network security update in refer to the previous version, there is a serious deserialization flaws vulnerability bug(CVE-2017-11283, CVE-2017-11284, and may incur long-distance code to fulfill. When applying the Flex integration-do on Remote Adobe...
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
During my research into the Java Remote Method Invocation RMI protocol, the most common RMI service that I came across was Adobe ColdFusion’s Flex integration service which is used to support integration between Flash applications and ColdFusion components. A quick look at this service led to the...