Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=145996963420108&w=2 | third party advisory vendor advisory |
| https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html | patch vendor advisory |
| http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html | |
| http://www.securitytracker.com/id/1034210 | vdb entry |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670 | third party advisory |
| http://www.vmware.com/security/advisories/VMSA-2015-0008.html | |
| https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html | patch vendor advisory |
| http://www.securityfocus.com/archive/1/536958/100/0/threaded | mailing list |
| http://www.securityfocus.com/bid/77626 | vdb entry |