酷应用

【安全日记】Adobe ColdFusion 远程代码执行漏洞

百家作者：绿盟科技 2018-09-26 11:32:02

焦点漏洞

◆ 焦点漏洞

Adobe ColdFusion 远程代码执行漏洞

◆CVE ID

CVE-2018-15965

◆NSFOCUS ID

41177

◆ 受影响版本

Adobe ColdFusion 2018 release

Adobe ColdFusion 2016 release

Adobe ColdFusion 11

◆ 漏洞点评

Adobe ColdFusion是一款动态Web服务器产品。根据Adobe发布的9月份安全更新显示，此软件存在一个高危漏洞，该漏洞源于软件在接受用户数据时，反序列化了不可信的数据。远程攻击者可利用该漏洞执行任意代码。目前厂商已经发布了对此漏洞的安全公告以及相应补丁，请用户及时到厂商主页下载补丁修复这个安全问题。

互联网安全威胁态势

CVE统计

最近一周CVE公告总数与前期相比略有增长。

每日简报回顾

标题：US State Department confirms: Unclassified staff email boxes hacked

时间：2018-09-18

简介： The US State Department has confirmed one of its email systems was attacked, potentially exposing the personal information of some of its employees.

链接：

https://www.theregister.co.uk/2018/09/18/state_department_hacked/

标题：Ransomware hits UK’s Bristol Airport, affects flight information screens

时间：2018-09-17

简介：Bristol Airport in the United Kingdom was hit recently by a ransomware incident that caused disruption to flight information display systems, forcing staff to resort to whiteboards and markers.

链接：

https://www.csoonline.com/article/3305750/security/ransomware-hits-uks-bristol-airport-affects-flight-information-screens.html

标题：Database with 11 Million Email Records Exposed

时间：2018-09-18

简介：A huge customer database containing 11 million records that include personal details, has been discovered on Monday sitting online, unprotected.

链接：

https://www.bleepingcomputer.com/news/security/database-with-11-million-email-records-exposed/?tdsourcetag=s_pctim_aiomsg

......

漏洞研究

漏洞库统计

截止到2018年9月21日，绿盟科技漏洞库已收录总条目达到41224条。本周新增漏洞记录54条，其中高危漏洞数量13条，中危漏洞数量40条，低危漏洞数量1条。