• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – Mozilla Releases Security Updates for Firefox
February 13, 2019
Rewterz Threat Advisory -CVE-2019-7304 – Linux Local Privilege Escalation vulnerability via Snapd Socket
February 14, 2019

Rewterz Threat Advisory – CVE-2019-7092 Unspecified Cross Site Scripting Vulnerability

February 13, 2019

Severity: High

Analysis Summary

Adobe ColdFusion is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-
supplied input.

An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Successful exploitation of the most severe of these vulnerabilities could result in an attacker executing arbitrary code in the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Impact

Execution of arbitrary code
Information disclosure

Affected Products

  • Adobe ColdFusion 2018.0 Update 1
  • Adobe ColdFusion 2016.0 Update 7
  • Adobe ColdFusion 2016.0 Update 6
  • Adobe ColdFusion 2016.0 Update 5
  • Adobe ColdFusion 2016.0 Update 4
  • Adobe ColdFusion 2016.0 Update 3
  • Adobe ColdFusion 2016.0 Update 2
  • Adobe ColdFusion 2016.0 Update 1
  • Adobe ColdFusion 2016.0
  • Adobe ColdFusion 11 Update 9
  • Adobe ColdFusion 11 Update 8
  • Adobe ColdFusion 11 Update 7
  • Adobe ColdFusion 11 Update 6
  • Adobe ColdFusion 11 Update 5
  • Adobe ColdFusion 11 Update 4
  • Adobe ColdFusion 11 Update 3
  • Adobe ColdFusion 11 Update 2
  • Adobe ColdFusion 11 Update 15
  • Adobe ColdFusion 11 Update 14
  • Adobe ColdFusion 11 Update 13
  • Adobe ColdFusion 11 Update 12
  • Adobe ColdFusion 11 Update 11
  • Adobe ColdFusion 11 Update 10
  • Adobe ColdFusion 11 Update 1
  • Adobe ColdFusion 11

Remediation

Vendor has released updates for the following products.
Adobe Coldfusion 2018 update 2
Adobe Coldfusion 2016 update 8
Adobe Coldfusion 2011 update 16

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.