ColdFusion AMF Deserialization RCE

Description
  • ColdFusion Flash Remoting is vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform denial of service attack.
Remediation
  • Upgrade to the latest version of ColdFusion
References