Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vmwareVMwareVMSA-2015-0008
HistoryNov 18, 2015 - 12:00 a.m.

VMware product updates address information disclosure issue.

2015-11-1800:00:00
www.vmware.com
48

0.009 Low

EPSS

Percentile

80.6%

JSON

a. vCenter Server, vCloud Director, Horizon View information disclosure issue

VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity (XXE) requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed.

VMware would like to thank Matthias Kaiser of Code White GmbH and Ilyass El Hadi of KPMG-EGYDE for independently reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3269 to this issue.

The product updates listed in the table below have also been determined to address a XML External Entity (XXE) Processing and Server Side Request Forgery vulnerability in Flex BlazeDS.

VMware would like to thank James Kettle of PortSwigger Web Security for reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-5255 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Related

nessus 5
vmware 1
threatpost 4
securityvulns 2
zdi 1
adobe 2
packetstorm 1
prion 2
cve 2
zdt 1
myhack58 2
cert 2
openvas 1
seebug 1
nessus
nessus
VMware vCenter Multiple Vulnerabilities (VMSA-2015-0008)
2015-12-22 00:00:00
HP Operations Manager i Apache Flex BlazeDS External Entity Injection Vulnerability
2016-03-09 00:00:00
Adobe ColdFusion BlazeDS XXE (APSB15-21) (credentialed check)
2015-09-03 00:00:00
vmware
vmware
VMware product updates address information disclosure issue.
2015-11-18 00:00:00
threatpost
threatpost
VMware Patches Pesky XXE Bug in Flex BlazeDS
2015-11-20 16:36:23
Adobe LiveCycle Data Services Hotfix
2015-08-18 12:46:31
Adobe ColdFusion Hotfix
2015-08-27 14:08:42
securityvulns
securityvulns
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
2015-08-24 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-08-24 00:00:00
zdi
zdi
Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability
2022-03-11 00:00:00
adobe
adobe
APSB15-30 Security update available for LiveCycle Data Services
2015-11-17 00:00:00
APSB15-20 Security update available for LiveCycle Data Services
2015-08-18 00:00:00
packetstorm
packetstorm
Apache Flex BlazeDS 4.7.1 SSRF
2015-11-23 00:00:00
prion
prion
Server side request forgery (ssrf)
2015-11-18 21:59:00
Xxe
2015-08-25 01:59:00
cve
cve
CVE-2015-3269
2015-08-25 01:59:00
CVE-2015-5255
2015-11-18 21:59:00
zdt
zdt
Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
2015-08-20 00:00:00
myhack58
myhack58
Java AMF3 deserialization vulnerability analysis-vulnerability warning-the black bar safety net
2017-04-07 00:00:00
Java AMF3 exposure remote code execution vulnerability-vulnerability warning-the black bar safety net
2017-04-07 00:00:00
cert
cert
Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
2016-03-24 00:00:00
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
2017-04-04 00:00:00
openvas
openvas
Adobe ColdFusion Multiple Vulnerabilities (APSB15-29)
2016-03-11 00:00:00
seebug
seebug
AMF3 Java implementations Improper Restriction of XML External Entity Reference ('XXE')
2017-04-06 00:00:00

0.009 Low

EPSS

Percentile

80.6%

JSON
Related for VMSA-2015-0008
nessus5vmware1threatpost4securityvulns2zdi1adobe2packetstorm1prion2cve2zdt1myhack582cert2openvas1seebug1