ColdFusion Log4j Vul

Owned by Genhan Chen
Last updated: Dec 13, 2021

ColdFusion 2016

Install Update 17 Manually

https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-17.html

https://csjdpw.atlassian.net/wiki/spaces/~Genhan.Chen/blog/2019/05/23/740687967

 

If Error 403 occurs, need to upgrade wsconfig tool at {cf_install_home}/{instance_name}/runtime/bin:

  1. Stop the entire IIS website

  2. Open wsconfig as administrator

  3. Click “Upgrade:

You can also upgrade wsconfig on CMD: wsconfig -upgrade.

 

 

log4j-1.2.15 (check the log4j version at “\cfusion\lib”)

https://community.adobe.com/t5/coldfusion-discussions/zero-day-exploit-affecting-the-popular-apache-log4j-utility-cve-2021-44228/td-p/12585377