CVE-2015-5255 Information
Description
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7, and in LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
Reference
http://marc.info/?l=bugtraq&m=145996963420108&w=2
http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html
http://www.securityfocus.com/archive/1/536958/100/0/threaded
http://www.securityfocus.com/bid/77626
http://www.securitytracker.com/id/1034210
http://www.vmware.com/security/advisories/VMSA-2015-0008.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html
https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html