Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/98003 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038364 | Third Party Advisory VDB Entry |
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html | Patch Vendor Advisory |
https://www.exploit-db.com/exploits/43993/ | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/98003 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038364 | Third Party Advisory VDB Entry |
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html | Patch Vendor Advisory |
https://www.exploit-db.com/exploits/43993/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/98003 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1038364 - Third Party Advisory, VDB Entry | |
References | () https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html - Patch, Vendor Advisory | |
References | () https://www.exploit-db.com/exploits/43993/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2017-04-27 14:59
Updated : 2024-11-21 03:24
NVD link : CVE-2017-3066
Mitre link : CVE-2017-3066
CVE.ORG link : CVE-2017-3066
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-502
Deserialization of Untrusted Data