LATEST NEWS

Houston Data Centers Migration Complete. Read the press release…

ColdFusion CVE-2019-7816

ColdFusion CVE-2019-7816


On March 1, 2019, Adobe released patch advisory APSB19-14 for all currently maintained and supported versions of ColdFusion (ColdFusion 11, ColdFusion 2016, and ColdFusion 2018).  The critical patch addresses an issue allowing an attacker to upload a malicious file to a server by bypassing any file restrictions and then executing the attack via an HTTP request.  This is actively being exploited in the wild.

Is my instance of ColdFusion affected?

Any server that is running ColdFusion 11, ColdFusion 2016, or ColdFusion 2018 is affected and should be patched immediately.

What about older versions of ColdFusion?

Older versions of ColdFusion are considered end-of-life and are not being patched by Adobe.  If you are running an older version of ColdFusion, you should upgrade to a supported version.

How do I update ColdFusion?

The easiest way to update ColdFusion is to log into each CF Admin instance and navigate to Updates.  From there, check for updates and apply the patches that are available.  Once done, restart the ColdFusion services.  Specifically, ColdFusion 11 Update 18, ColdFusion 2016 Update 10, and ColdFusion 2018 Update 3 are the patches that address this critical vulnerability.

What if I need assistance in patching ColdFusion?

As always, our engineers can assist you.  Please open a ticket via the customer portal and we would be happy to assist.

Share Article



Categories

Discover the DataBank Difference

Discover the DataBank Difference

Explore the eight critical factors that define our Data Center Evolved approach and set us apart from other providers.
Download Now
Get Started

Get Started

Discover the DataBank Difference today:
Hybrid infrastructure solutions with boundless edge reach and a human touch.