Multiple vulnerabilities in Adobe ColdFusion

Published: 2019-06-11 | Updated: 2019-06-11
Severity High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2019-7838
CVE-2019-7839
CVE-2019-7840
CWE ID CWE-434
CWE-78
CWE-502
Exploitation vector Network
Public exploit N/A
Vulnerable software ColdFusion Subscribe
Vendor Adobe

Security Advisory

1) Arbitrary file upload

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-7838

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to an error when processing file uplaods. A remote attacker can bypass file extensions blacklist, upload and execute arbitrary file on the server.

Note: exploitation of this vulnerability is possible if file upload directory is web accessible.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ColdFusion: 10 Update 11, 11, 11 Update 1, 11 Update 2, 11 Update 3, 11 Update 4, 11 Update 5, 11 Update 6, 11 Update 7, 11 Update 8, 11 Update 9, 11 Update 10, 11 Update 11, 11 Update 12, 11 Update 13, 11 Update 14, 11 Update 15, 11 Update 16, 11 Update 17, 11 Update 18, 2016, 2016 Update 1, 2016 Update 2, 2016 Update 3, 2016 Update 4, 2016 Update 5, 2016 Update 6, 2016 Update 7, 2016 Update 8, 2016 Update 9, 2016 Update 10, 2018 Update 1, 2018 Update 2, 2018 Update 3, 2018.0.0.310739

CPE External links

https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) OS Command Injection

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-7839

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to unknown error when processing requests. A remote unauthenticated attacker can send a specially crafted request to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ColdFusion: 2016, 2016 Update 1, 2016 Update 2, 2016 Update 3, 2016 Update 4, 2016 Update 5, 2016 Update 6, 2016 Update 7, 2016 Update 8, 2016 Update 9, 2016 Update 10, 2018 Update 1, 2018 Update 2, 2018 Update 3, 2018.0.0.310739

CPE External links

https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Deserialization of Untrusted Data

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-7840

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ColdFusion: 10 Update 11, 11, 11 Update 1, 11 Update 2, 11 Update 3, 11 Update 4, 11 Update 5, 11 Update 6, 11 Update 7, 11 Update 8, 11 Update 9, 11 Update 10, 11 Update 11, 11 Update 12, 11 Update 13, 11 Update 14, 11 Update 15, 11 Update 16, 11 Update 17, 11 Update 18, 2016, 2016 Update 1, 2016 Update 2, 2016 Update 3, 2016 Update 4, 2016 Update 5, 2016 Update 6, 2016 Update 7, 2016 Update 8, 2016 Update 9, 2016 Update 10, 2018 Update 1, 2018 Update 2, 2018 Update 3, 2018.0.0.310739

CPE External links

https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.