HTTP: Adobe ColdFusion GetArgumentCollection Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Adobe ColdFusion GetArgumentCollection. A successful attack can lead to arbitrary code execution.
Extended Description
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction.
Affected Products
Adobe coldfusion
References
CVE: CVE-2024-41874
Short Name
HTTP:ADOBE-CVE-2024-41874-DES
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2024-41874 ColdFusion Deserialization GetArgumentCollection Insecure
Release Date
11/11/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3757
False Positive
Unknown
Vendors
Adobe