ColdFusion JNDI injection RCE

Description

ColdFusion allows an unauthenticated user to connect to any LDAP server. An attacker can exploit it to achieve remote code execution.

Remediation

Upgrade to the latest version of ColdFusion.

References

- APSB18-33
- A Journey From JNDI/LDAP Manipulation To RCE

Severity

Classification

Tags

Code Execution

Related Vulnerabilities