cnvd - cnvd-2015-07736

CNVD-2015-07736

Vulnerability from cnvd - Published: 2015-11-23

Title

多个Adobe产品服务器端请求伪造安全绕过漏洞

Description

Adobe ColdFusion是一个动态Web服务器,其CFML是一种程序设计语言,类似现在的JSP里的JSTL。Adobe LiveCycle Data Services是美国奥多比（Adobe）公司的一套部署在应用服务器上并整合了RIA应用和J2EE等企业应用的服务器软件。多个Adobe产品存在服务器端请求伪造安全绕过漏洞。允许远程攻击者利用此漏洞绕过某些安全限制执行未授权操作。

Severity

中

Patch Name

多个Adobe产品服务器端请求伪造安全绕过漏洞的补丁

Patch Description

Adobe ColdFusion是一个动态Web服务器,其CFML是一种程序设计语言,类似现在的JSP里的JSTL。 Adobe LiveCycle Data Services是美国奥多比（Adobe）公司的一套部署在应用服务器上并整合了RIA应用和J2EE等企业应用的服务器软件。多个Adobe产品存在服务器端请求伪造安全绕过漏洞。允许远程攻击者利用此漏洞绕过某些安全限制执行未授权操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： http://www.adobe.com/ http://www.adobe.com/products/coldfusion-family.html

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5255 http://www.securityfocus.com/bid/77626

Impacted products

Name
['Adobe ColdFusion 10(<Update 18)', 'Adobe ColdFusion 11(<Update 7)', 'Adobe LiveCycle Data Services 3.0', 'Adobe LiveCycle Data Services \r\n4.5', 'Adobe LiveCycle Data Services \r\n4.6', 'Adobe LiveCycle Data Services \r\n4.7']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "77626"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5255"
    }
  },
  "description": "Adobe ColdFusion\u662f\u4e00\u4e2a\u52a8\u6001Web\u670d\u52a1\u5668,\u5176CFML\u662f\u4e00\u79cd\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00,\u7c7b\u4f3c\u73b0\u5728\u7684JSP\u91cc\u7684JSTL\u3002Adobe LiveCycle Data Services\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u90e8\u7f72\u5728\u5e94\u7528\u670d\u52a1\u5668\u4e0a\u5e76\u6574\u5408\u4e86RIA\u5e94\u7528\u548cJ2EE\u7b49\u4f01\u4e1a\u5e94\u7528\u7684\u670d\u52a1\u5668\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aAdobe\u4ea7\u54c1\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "James Kettle of PortSwigger Web Security",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.adobe.com/\r\nhttp://www.adobe.com/products/coldfusion-family.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07736",
  "openTime": "2015-11-23",
  "patchDescription": "Adobe ColdFusion\u662f\u4e00\u4e2a\u52a8\u6001Web\u670d\u52a1\u5668,\u5176CFML\u662f\u4e00\u79cd\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00,\u7c7b\u4f3c\u73b0\u5728\u7684JSP\u91cc\u7684JSTL\u3002\r\nAdobe LiveCycle Data Services\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u90e8\u7f72\u5728\u5e94\u7528\u670d\u52a1\u5668\u4e0a\u5e76\u6574\u5408\u4e86RIA\u5e94\u7528\u548cJ2EE\u7b49\u4f01\u4e1a\u5e94\u7528\u7684\u670d\u52a1\u5668\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aAdobe\u4ea7\u54c1\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aAdobe\u4ea7\u54c1\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe ColdFusion 10(\u003cUpdate 18)",
      "Adobe ColdFusion  11(\u003cUpdate 7)",
      "Adobe LiveCycle Data Services 3.0",
      "Adobe LiveCycle Data Services \r\n4.5",
      "Adobe LiveCycle Data Services \r\n4.6",
      "Adobe LiveCycle Data Services \r\n4.7"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5255\r\nhttp://www.securityfocus.com/bid/77626",
  "serverity": "\u4e2d",
  "submitTime": "2015-11-19",
  "title": "\u591a\u4e2aAdobe\u4ea7\u54c1\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2015-5255 (GCVE-0-2015-5255)

Vulnerability from cvelistv5 – Published: 2015-11-18 21:00 – Updated: 2024-08-06 06:41

Summary

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://marc.info/?l=bugtraq&m=145996963420108&w=2	vendor-advisoryx_refsource_HP
	https://helpx.adobe.com/security/products/coldfus…	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/134506/Apach…	x_refsource_MISC
	http://www.securitytracker.com/id/1034210	vdb-entryx_refsource_SECTRACK
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	https://helpx.adobe.com/security/products/livecyc…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/536958/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/77626	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBST03568",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
          },
          {
            "name": "1034210",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034210"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
          },
          {
            "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
          },
          {
            "name": "77626",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77626"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBST03568",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
        },
        {
          "name": "1034210",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034210"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
        },
        {
          "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
        },
        {
          "name": "77626",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77626"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5255",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBST03568",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2"
            },
            {
              "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
            },
            {
              "name": "1034210",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034210"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
            },
            {
              "name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
            },
            {
              "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
            },
            {
              "name": "77626",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77626"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5255",
    "datePublished": "2015-11-18T21:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-07736

CVE-2015-5255 (GCVE-0-2015-5255)

Tags

Sightings

Nomenclature