HTTP: Adobe ColdFusion convertToTemplateProxy Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Adobe ColdFusion. A successful attack can lead to arbitrary code execution.
Extended Description
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Affected Products
Adobe coldfusion
References
CVE: CVE-2023-44353
Short Name
HTTP:COLDFUSION:ADOBE-DESER-RCE
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2023-26360 CVE-2023-38204 CVE-2023-44353 ColdFusion Deserialization Insecure convertToTemplateProxy
Release Date
04/26/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3701
False Positive
Unknown
Vendors
Adobe