Adobe ColdFusion Arbitrary Code Execution CVE-2021-21087 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

10

Adobe ColdFusion Arbitrary Code Execution CVE-2021-21087 Scanner Detail

Adobe's emergency updates patch an arbitrary code execution security flaw caused by an Improper Input Validation software vulnerability.

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction.

Some Advice for Common Problems

  1. Adobe recommends administrators install the security updates as soon as possible and apply the security configuration settings outlined in the ColdFusion 2021, ColdFusion 2018, and ColdFusion 2016 lockdown guides.
  2. Adobe recommends updating your ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service