Server-Side Request Forgery in Adobe BlazeDS Products
CVE-2015-5255

Currently unrated

Key Information:

Vendor

HP
Status
Xp7 Command View Advanced Edition
Xp P9000 Command View Advanced Edition
Vendor
CVE Published:
18 November 2015

What is CVE-2015-5255?

Adobe BlazeDS products, including specific versions of ColdFusion and LiveCycle Data Services, are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This flaw enables remote attackers to manipulate HTTP requests and gain unauthorized access to intranet servers by crafting malicious XML documents. Updating to the latest versions is crucial to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://marc.info/?l=bugtraq&m=145996963420108&w=2
vendor-advisoryx_refsource_HP
https://helpx.adobe.com/security/products/coldfusion/apsb...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/134506/Apache-Flex-B...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.