Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-5255

Good to know:

icon
icon

Date: November 18, 2015

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

Language: Java

Severity Score

Related Resources (11)

http://www.securitytracker.com/id/1034210
http://www.vmware.com/security/advisories/VMSA-2015-0008.html
https://nvd.nist.gov/vuln/detail/CVE-2015-5255
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html
http://www.securityfocus.com/bid/77626
http://www.securityfocus.com/archive/1/536958/100/0/threaded
https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html
http://marc.info/?l=bugtraq&m=145996963420108&w=2
http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670
https://www.mend.io/vulnerability-database/CVE-2015-5255

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.flex.blazeds:flex-messaging-core:4.7.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us