Lucee.Administrator.imgProcess.cfm.Arbitrary.File.Write
Description
This indicates an attack attempt to exploit an Arbitrary File Write Vulnerability in Lucee Server.
The vulnerability is due to improper handling of a craft HTTP request.
Affected Products
Lucee Server version 5.3.5.00 to version 5.3.5.95
Lucee Server version 5.3.6.00 to version 5.3.6.67
Lucee Server version 5.3.7.00 to version 5.3.7.46
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020-cve-2021-21307/7643
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |