← voltar
CVE-2015-5255

CVE-2015-5255

EPSS 4.5%
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://marc.info/?l=bugtraq&m=145996963420108&w=2http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670https://helpx.adobe.com/security/products/coldfusion/apsb15-29.htmlhttps://helpx.adobe.com/security/products/livecycleds/apsb15-30.htmlhttp://www.securityfocus.com/archive/1/536958/100/0/threadedhttp://www.securityfocus.com/bid/77626http://www.securitytracker.com/id/1034210http://www.vmware.com/security/advisories/VMSA-2015-0008.html