On March 14, 2023, Adobe released a security advisory affecting Adobe ColdFusion versions 2021 and 2018.
The vulnerability was categorized as improper access control, potentially resulting in arbitrary code execution. The exploitation of this issue does not require user interaction.
No PoC has been released so far; however, after further investigation, the Imperva Threat Research team created an effective mitigation against this vulnerability.
Over the past few days, we observed hundreds of exploitation attempts successfully thwarted by Imperva Cloud WAF and Imperva WAF Gateway (customer-managed WAF).
Most exploitation attempts were carried out by automated hacking tools written in the Go programming language.
The attackers tried to read sensitive files from the ColdFusion servers, such as:
- Neo-runtime.xml
- Seed.properties
- Password.properties
We also observed attempts to upload a malicious web shell onto the servers.
These files were stored as text; however, once uploaded to the server, they were converted into CFM scripts that could result in remote code execution.
Given existing blocking rules that mitigate the CVE-2023-26360 Adobe ColdFusion vulnerability, this new CVE is mitigated by both Imperva Cloud WAF and Imperva WAF Gateway.
As always, Imperva Threat Research is monitoring the situation and will provide updates as new information emerges.