HTTP: Adobe ColdFusion Application Server Directory Traversal

This signature detects attempts to exploit a known vulnerability in Adobe ColdFusion Application Server. A successful attack can lead to directory traversal and arbitrary code execution.

Extended Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges.

Affected Products

Adobe ColdFusion

Short Name: HTTP:COLDFUSION:APP-SRVR-DIRTRV
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Adobe Application CVE-2022-38418 CVE-2022-38421 CVE-2024-20767 CVE-2024-53961 ColdFusion Directory Server Traversal
Release Date: 02/16/2023

Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3794
False Positive: Unknown

Vendors

Adobe