“The attackers we observed uploaded a China Chopper webshell to the compromised server which allowed them to easily execute commands as if they had direct command line access,” Matthew Meltzer, security researcher at Volexity told Threatpost.
Researchers at Volexity first observed the exploited vulnerability two weeks after Adobe released its update. While Adobe replaced the older WYSIWYG editor, FCKeditor, in previous versions of ColdFusion with CKEditor, “it appears … they inadvertently introduced an unauthenticated file upload vulnerability,” said researchers. The flaw stems from a WYSIWYG rich text editor in modern versions of ColdFusion, CKEditor. This effectively includes all versions of ColdFusion released over the last four years. Specifically impacted are ColdFusion 11 (Update 14 and earlier), ColdFusion 2016 (Update 6 and earlier), and ColdFusion 2018 (July 12 release). The flaws impact Adobe’s ColdFusion product, which is the company’s commercial web application development platform. The company did not respond to a request for further comment from Threatpost. The target server was missing a single update from Adobe that had been released just two weeks earlier.”Īdobe issued a fix for the unauthenticated file upload vulnerability in September. “In the attack detected by Volexity, a suspected Chinese APT group was able to compromise a vulnerable ColdFusion server by directly uploading a China Chopper webshell. “Volexity recently observed active exploitation of a newly patched vulnerability in Adobe ColdFusion, for which no public details or proof-of-concept code exists,” researchers said in a post. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, said on Thursday. An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found.
0 kommentar(er)
