Update Details
Update #3006 (11/16/2017)
1 new signature:
| HIGH | HTTP:STC:ADOBE:CVE-2017-16366CE | HTTP: Adobe Acrobat CVE-2017-16366 Remote Code Execution |
1 renamed signature:
| APP:MISC:ADOBE-CLODFUSION-RCE | -> | APP:MISC:ADOBE-COLDFUSION-RCE |
Details of the signatures included within this bulletin:
APP:MISC:ADOBE-COLDFUSION-RCE - APP: Adobe ColdFusion RMI Registry Insecure Deserialization Remote Code Execution
Severity: HIGH
Description:
An insecure deserialization vulnerability has been reported in the Flex integration service of Adobe ColdFusion. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted serialized data to the target application. Successful exploitation could result in arbitrary code execution in the context of SYSTEM.
Supported On:
isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
- cve: CVE-2017-11283
- bugtraq: 100708
- cve: CVE-2017-11284
HTTP:STC:ADOBE:CVE-2017-16366CE - HTTP: Adobe Acrobat CVE-2017-16366 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to Remote Code Execution.
Supported On:
isg-3.5.141652, idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1
References:
- cve: CVE-2017-16366