Server-Side Request Forgery in Adobe BlazeDS Products
CVE-2015-5255

Currently unrated

Key Information:

Vendor: HP
Status: Xp7 Command View Advanced Edition; Xp P9000 Command View Advanced Edition
Vendor: CVE Published:; 18 November 2015

Summary

Adobe BlazeDS products, including specific versions of ColdFusion and LiveCycle Data Services, are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This flaw enables remote attackers to manipulate HTTP requests and gain unauthorized access to intranet servers by crafting malicious XML documents. Updating to the latest versions is crucial to mitigate the risks associated with this vulnerability.

References

http://marc.info/?l=bugtraq&m=145996963420108&w=2

vendor-advisoryx_refsource_HP

https://helpx.adobe.com/security/products/coldfusion/apsb...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/134506/Apache-Flex-B...

x_refsource_MISC

Timeline

Vulnerability published
Nov 18, 2015
Vulnerability Reserved
Jul 1, 2015