What is CVE-2019-7838?

CVE-2019-7838 refers to a file extension blacklist bypass vulnerability in ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier.

How severe is CVE-2019-7838?

CVE-2019-7838 has a severity rating of 9.8 out of 10, indicating a critical vulnerability.

Which software versions are affected by CVE-2019-7838?

ColdFusion versions 11.0 to 11.0-update18, 2016 to 2016-update9, and 2018 to 2018-update3 are affected by CVE-2019-7838.

What is the potential impact of CVE-2019-7838?

Successful exploitation of CVE-2019-7838 could lead to arbitrary code execution.

Where can I find more information about CVE-2019-7838?

You can find more information about CVE-2019-7838 at the following URL: https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html

Vulnerability/
CVE-2019-7838

critical

CWE

434

12/6/2019

4/8/2024

CVE-2019-7838: Malicious File Upload

First published: Wed Jun 12 2019(Updated: )

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=11.0
Adobe ColdFusion	=11.0-update1
Adobe ColdFusion	=11.0-update10
Adobe ColdFusion	=11.0-update11
Adobe ColdFusion	=11.0-update12
Adobe ColdFusion	=11.0-update13
Adobe ColdFusion	=11.0-update14
Adobe ColdFusion	=11.0-update15
Adobe ColdFusion	=11.0-update16
Adobe ColdFusion	=11.0-update17
Adobe ColdFusion	=11.0-update18
Adobe ColdFusion	=11.0-update2
Adobe ColdFusion	=11.0-update3
Adobe ColdFusion	=11.0-update4
Adobe ColdFusion	=11.0-update5
Adobe ColdFusion	=11.0-update6
Adobe ColdFusion	=11.0-update7
Adobe ColdFusion	=11.0-update8
Adobe ColdFusion	=11.0-update9
Adobe ColdFusion	=2016
Adobe ColdFusion	=2016-update1
Adobe ColdFusion	=2016-update10
Adobe ColdFusion	=2016-update2
Adobe ColdFusion	=2016-update3
Adobe ColdFusion	=2016-update4
Adobe ColdFusion	=2016-update5
Adobe ColdFusion	=2016-update6
Adobe ColdFusion	=2016-update7
Adobe ColdFusion	=2016-update8
Adobe ColdFusion	=2016-update9
Adobe ColdFusion	=2018
Adobe ColdFusion	=2018-update1
Adobe ColdFusion	=2018-update2
Adobe ColdFusion	=2018-update3

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html

Frequently Asked Questions

What is CVE-2019-7838?
CVE-2019-7838 refers to a file extension blacklist bypass vulnerability in ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier.
How severe is CVE-2019-7838?
CVE-2019-7838 has a severity rating of 9.8 out of 10, indicating a critical vulnerability.
Which software versions are affected by CVE-2019-7838?
ColdFusion versions 11.0 to 11.0-update18, 2016 to 2016-update9, and 2018 to 2018-update3 are affected by CVE-2019-7838.
What is the potential impact of CVE-2019-7838?
Successful exploitation of CVE-2019-7838 could lead to arbitrary code execution.
Where can I find more information about CVE-2019-7838?
You can find more information about CVE-2019-7838 at the following URL: https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html

collector/nvd-index
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/11.0
version/adobe coldfusion/11.0-update1
version/adobe coldfusion/11.0-update10
version/adobe coldfusion/11.0-update11
version/adobe coldfusion/11.0-update12
version/adobe coldfusion/11.0-update13
version/adobe coldfusion/11.0-update14
version/adobe coldfusion/11.0-update15
version/adobe coldfusion/11.0-update16
version/adobe coldfusion/11.0-update17
version/adobe coldfusion/11.0-update18
version/adobe coldfusion/11.0-update2
version/adobe coldfusion/11.0-update3
version/adobe coldfusion/11.0-update4
version/adobe coldfusion/11.0-update5
version/adobe coldfusion/11.0-update6
version/adobe coldfusion/11.0-update7
version/adobe coldfusion/11.0-update8
version/adobe coldfusion/11.0-update9
version/adobe coldfusion/2016
version/adobe coldfusion/2016-update1
version/adobe coldfusion/2016-update10
version/adobe coldfusion/2016-update2
version/adobe coldfusion/2016-update3
version/adobe coldfusion/2016-update4
version/adobe coldfusion/2016-update5
version/adobe coldfusion/2016-update6
version/adobe coldfusion/2016-update7
version/adobe coldfusion/2016-update8
version/adobe coldfusion/2016-update9
version/adobe coldfusion/2018
version/adobe coldfusion/2018-update1
version/adobe coldfusion/2018-update2
version/adobe coldfusion/2018-update3