HTTP: Adobe ColdFusion Multiple Improper Access Control

This signature detects attempts to exploit a known vulnerability in Adobe ColdFusion. A successful attack can lead to a security bypass.

Extended Description

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Affected Products

Adobe ColdFusion

References

CVE: CVE-2023-38205

Short Name: HTTP:COLDFUSION:MUL-IMPRPR-ACSS
Severity: Major
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: Access Adobe CVE-2023-29298 CVE-2023-38205 ColdFusion Control Improper Multiple
Release Date: 09/12/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3632
False Positive: Rarely
Vendors

Adobe
