Ant 6 years ago
@joe

Three critical and one important flaw reside in ColdFusion, including a critical XML parsing flaw (CVE-2017-11286), an important XSS (cross-site scripting) bug (CVE-2017-11285) that could lead to information disclosure and mitigation for unsafe Java deserialization, resulting in remote code execution (CVE-2017-11283, CVE-2017-11284).
  • 2

Replies

  • Ant 6 years ago
    ....
    These vulnerabilities affect all platforms and have been discovered and reported by Nick Bloor of NCC Group, Daniel Sayk of Telekom Security and Daniel Lawson of Depth Security.

    The issues have been patched in the latest Adobe ColdFusion version 2016 Release Update 5 and version 11 Update 13.
    • 1
  • Joe 6 years ago
    Cheers mate. Will let everyone know tomorrow. The WAF will do its job for that.
    • 1
  • Ant 6 years ago
    You back in work again tomorrow? Thought you'd have a few days extra to re-acclimatize :P
    • 1
  • Joe 6 years ago
    Aye tomorrow. I feel okay TBF
    • 1