writeups.xyz / Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11284)

Submitter : c2a

Date: 13 October 2017

Bounty : undisclosed

Vulnerabilities :

• Insecure Deserialization
• RCE
• Security Code Review
• Java RMI

Programs :

• Adobe (ColdFusion)

Authors :

• Nicky Bloor (@NickstaDB)

Link :
https://nickbloor.co.uk/2017/10/13/adobe-coldfusion-deserialization-rce-cve-2017-11283-cve-2017-11238/