Threat actors are attacking unpatched Adobe ColdFusion servers after reverse engineering an Adobe patch released in September.Â
According to a ZDNet report, the cyber attacks started in late September and has been targeting ColdFusion servers not updated with the Adobe patches released a couple weeks before, on September 11.
The hackers are targeting a critical unrestricted file upload vulnerability (CVE-2018-15961) that could lead to remote code execution.
The vulnerability was patched as part of Adobe’s ColdFusion security advisory APSB18-33.