Lucene search
K

4 matches found

CVE
CVE
added 2015/11/18 9:0 p.m.63 views

CVE-2015-5255

CVE-2015-5255 describes a Server-Side Request Forgery (SSRF) in BlazeDS used with Adobe ColdFusion and LiveCycle Data Services. A crafted XML document could cause BlazeDS to send HTTP requests to intranet servers, bypassing access controls and enabling further host‑based attacks. Affected product...

4.3CVSS6.5AI score0.04482EPSS
Exploits1References9Affected Software2
Cvelist
Cvelist
added 2015/11/18 9:0 p.m.33 views

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

3.8AI score0.04482EPSS
Exploits1References9
VMware
VMware
added 2015/11/18 12:0 a.m.35 views

VMware product updates address information disclosure issue.

a. vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity XXE requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed...

5CVSS6.2AI score0.0954EPSS
Exploits3References1Affected Software3
Tenable Nessus
Tenable Nessus
added 2015/04/13 12:0 a.m.154 views

VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)

The VMware Horizon View installed on the remote Windows host is version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0...

10CVSS6.8AI score0.99999EPSS
Exploits15References30
Rows per page
Query Builder