APP: Adobe ColdFusion ODBC Server Heap Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Adobe ColdFusion. A successful attack can lead to arbitrary code execution.

Extended Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction; the vulnerability is triggered when a crafted network packet is sent to the server.

Affected Products

Adobe ColdFusion

Short Name
APP:MISC:ADOBE-CLDFUSN-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Adobe Buffer CVE-2022-35690 CVE-2022-35710 CVE-2022-35711 ColdFusion Heap ODBC Overflow Server
Release Date
02/03/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
Port
TCP/20009,20010
False Positive
Unknown
Vendors

Adobe
