An Initial Analysis of Adobe ColdFusion CVE-2024-53961
A ColdFusion security patch released two days before Christmas? I have a feeling that may have resulted in many sysadmins shouting "Fiddlesticks!" (or perhaps another f-word) earlier today.
BSidesLV 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Thank you to BSidesLV for the opportunity to speak this year. The slides from my talk, Modern ColdFusion Exploitation and Attack Surface Reduction, are now online below. They're pretty similar to my Summercon slides, with a few updates.
On ColdFusion Administrator Access Control Bypass Techniques
Introduction: Access Control is frequently boring but important.
Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Last Friday it was an absolute honor to talk about ColdFusion security at Summercon.
Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
Background: Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to web applications.
Defending Against CVE-2024-20767 (ColdFusion Arbitrary File System Read)
Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT: https://jeva.
If You're Running an Intranet Connections Lucee Instance, Ensure That You've Changed the Default Lucee Admin Password
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
One Reason Why Your ColdFusion Server May Still Be Vulnerable Even With the Latest Security Updates Installed
Next Tuesday is Adobe Patch Tuesday.