Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
Background Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to web applications.
Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT: https://jeva.
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
Next Tuesday is Adobe Patch Tuesday.
I recently saw a ColdFusion question about verifyClient and remote CFC functions.
Last week, Harsh Jaiswal and Rahul Maini from ProjectDiscovery released some impressive security research on multiple vulnerabilities in Lucee (and Mura CMS and Masa CMS).
Christmas came early this year in Potrero Hill and it was sad news for craft beer drinkers.
Background Adobe ColdFusion is vulnerable to a Mass Assignment vulnerability that can result in an attacker being able to modify the value of any variable in any scope within the context of remote CFC methods.
I recently moved my blog over to a custom domain -- https://www.
Introduction This post is about ColdFusion 2023 Update 5 and ColdFusion 2021 Update 11, but it's also about more than just those versions.
Introduction Six years ago today, on September 12, 2017, Adobe released APSB17-30.
Background In this post I'll be walking through CVE-2023-29301, which is an access control bypass / password brute force vulnerability in Adobe ColdFusion that I reported to Adobe and was fixed on July 11, 2023 in Adobe Product Security Bulletin APSB23-40.
TL;DR: If you use AES-CBC (or another block cipher operating in CBC mode) to decrypt user-controlled ciphertext, validate the ciphertext with an HMAC or similar integrity check prior to decryption to avoid Padding Oracle vulnerabilities.
This is the first of what may be a couple of posts about my presentation from ColdFusion Summit East 2023, which was held in April in Washington, DC.
I spoke at ColdFusion Summit East 2023 last week.
Background Mura CMS is a popular content management system written in ColdFusion/CFML.
Update March 6, 2023 - the full security advisory has been posted here: https://hoyahaxa.
An Introduction This is the first of what may become a few blog posts based on my CFSummit 2022 talk.
Photo credit: @coldfumonkeh. I attended my first CFSummit, where I talked about a handful of web vulnerability classes (SSRF, Session Puzzles, Cryptography flaws, and XML attacks) that might be overlooked by some ColdFusion/CFML developers.
Introduction It's time to dive into another old vulnerability.