Adobe BlazeDS SSRF Vulnerability (CVE-2015-5255)
Release date:
Updated on:
Affected Systems:
Adobe ColdFusion <11 Update 7
Adobe ColdFusion <10 Update 18
Adobe LiveCycle Data Services 4.7.x-4.7.0.354178
Adobe LiveCycle Data Services 4.6.2.x-4.6.2.354178
Adobe LiveCycle Data Services 4.5.x-4.5.1.354177
Adobe LiveCycle Data Services 3.1.x-3.1.0.354180
Adobe LiveCycle Data Services 3.0.x-3.0.0.354175
Description:
CVE (CAN) ID: CVE-2015-5255
BlazeDS is a server-based Java remoting and web messaging technology.
Adobe BlazeDS has a server-side request forgery (SSRF) vulnerability. By sending crafted XML documents, a remote attacker can exploit this vulnerability to make the server send HTTP traffic to intranet servers.
Source: James Kettle
Suggestion:
Vendor patch:
Adobe
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html