Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vulnerability is well known, and ColdFusion servers are often exposed to the internet. An unauthenticated attacker can remotely control a device and gain an entry point for launching further attacks on the network.
Kill Chain
Risk Score
83
Adobe ColdFusion is a web development platform that can run Java applications. ColdFusion has a vulnerability in the built-in upload manager that allows an attacker to run arbitrary Java code on the server. The attacker sends an HTTP POST request to upload a malicious JSP file, which is not restricted by default. The attacker then calls the URL of the malicious file to run the code. Depending on the sophistication of the payload containing the code, the attacker might be able to exfiltrate data, leverage a web shell to run commands, or launch other additional attacks on the server.
Install relevant patches for affected versions
Lock down ColdFusion Administrator access to a trusted set of IP addresses
Add a restriction against .jsp files in the <cfset settings.disfiles = > tag of the settings.cfm configuration file
Examine log files for suspicious activity to determine if a payload was deployed
Examine the following upload paths for unauthorized files: /cf_scripts/ and /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/
