## https://sploitus.com/exploit?id=SAINT:2627A0057B5932FC0F48D0726418BC06
Added: 03/07/2022
### Background
Adobe ColdFusion is a web application development platform written in Java.
### Problem
The `**verifyldapserver**` method in `**utils.cfc**` allows a remote attacker to cause the server to download a Java class from an arbitrary LDAP server, leading to remote code execution.
### Resolution
Upgrade to ColdFusion 11 Update 15 or higher.
### References
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
https://packetstormsecurity.com/files/166108/Adobe-ColdFusion-11-Remote-Code-Execution.html
### Limitations
Exploit works on ColdFusion 11.
### Platforms
Windows
Linux