Exploit for ColdFusion verifyldapserver vulnerability

Name: Exploit for ColdFusion verifyldapserver vulnerability
Rating: 5 (22 reviews)

2022-03-07 | CVSS 2.2

## https://sploitus.com/exploit?id=SAINT:2627A0057B5932FC0F48D0726418BC06
Added: 03/07/2022  


### Background

[Adobe ColdFusion](<https://coldfusion.adobe.com/>) is a web application development platform written in Java. 

### Problem

The `**verifyldapserver**` method in `**utils.cfc**` allows a remote attacker to cause the server to download a Java class from an arbitrary LDAP server, leading to remote code execution. 

### Resolution

[Upgrade](<https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html>) to ColdFusion 11 Update 15 or higher. 

### References

<https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html>  
<https://packetstormsecurity.com/files/166108/Adobe-ColdFusion-11-Remote-Code-Execution.html>  


### Limitations

Exploit works on ColdFusion 11. 

### Platforms

Windows  
Linux