← volver
CVE-2015-5255

CVE-2015-5255

EPSS 4.5%
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://marc.info/?l=bugtraq&m=145996963420108&w=2http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670https://helpx.adobe.com/security/products/coldfusion/apsb15-29.htmlhttps://helpx.adobe.com/security/products/livecycleds/apsb15-30.htmlhttp://www.securityfocus.com/archive/1/536958/100/0/threadedhttp://www.securityfocus.com/bid/77626http://www.securitytracker.com/id/1034210http://www.vmware.com/security/advisories/VMSA-2015-0008.html