Threat Encyclopedia

Lucee.Administrator.imgProcess.cfm.Arbitrary.File.Write

Description

This indicates an attack attempt to exploit an Arbitrary File Write Vulnerability in Lucee Server.
The vulnerability is due to improper handling of a craft HTTP request.

Affected Products

Lucee Server version 5.3.5.00 to version 5.3.5.95
Lucee Server version 5.3.6.00 to version 5.3.6.67
Lucee Server version 5.3.7.00 to version 5.3.7.46

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020-cve-2021-21307/7643

CVE References

CVE-2021-21307