Lucene search

K

PRIOn knowledge basePRION:CVE-2015-5255

HistoryNov 18, 2015 - 9:59 p.m.

Server side request forgery (ssrf)

2015-11-1821:59:00

PRIOn knowledge base

www.prio-n.com

3

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.2%

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

CPENameOperatorVersion
coldfusionle10.0
coldfusionle11.0
livecycle_data_serviceseq4.6
livecycle_data_serviceseq3.0
livecycle_data_serviceseq4.7
livecycle_data_serviceseq4.5

References

packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html

www.securityfocus.com/archive/1/536958/100/0/threaded

www.securityfocus.com/bid/77626

www.securitytracker.com/id/1034210

www.vmware.com/security/advisories/VMSA-2015-0008.html

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670

helpx.adobe.com/security/products/coldfusion/apsb15-29.html

helpx.adobe.com/security/products/livecycleds/apsb15-30.html

marc.info/?l=bugtraq&m=145996963420108&w=2

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.2%

Related for PRION:CVE-2015-5255

adobe1 packetstorm1 threatpost1 cve1 vmware2 nessus3 openvas1