cnvd - cnvd-2015-07736

cnvd-2015-07736

Vulnerability from cnvd

Title: 多个Adobe产品服务器端请求伪造安全绕过漏洞

Description:

Adobe ColdFusion是一个动态Web服务器,其CFML是一种程序设计语言,类似现在的JSP里的JSTL。Adobe LiveCycle Data Services是美国奥多比（Adobe）公司的一套部署在应用服务器上并整合了RIA应用和J2EE等企业应用的服务器软件。

多个Adobe产品存在服务器端请求伪造安全绕过漏洞。允许远程攻击者利用此漏洞绕过某些安全限制执行未授权操作。

Severity: 中

Patch Name: 多个Adobe产品服务器端请求伪造安全绕过漏洞的补丁

Patch Description:

Adobe ColdFusion是一个动态Web服务器,其CFML是一种程序设计语言,类似现在的JSP里的JSTL。 Adobe LiveCycle Data Services是美国奥多比（Adobe）公司的一套部署在应用服务器上并整合了RIA应用和J2EE等企业应用的服务器软件。

多个Adobe产品存在服务器端请求伪造安全绕过漏洞。允许远程攻击者利用此漏洞绕过某些安全限制执行未授权操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息： http://www.adobe.com/ http://www.adobe.com/products/coldfusion-family.html

Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5255 http://www.securityfocus.com/bid/77626

Impacted products

Name
['Adobe ColdFusion 10(<Update 18)', 'Adobe ColdFusion 11(<Update 7)', 'Adobe LiveCycle Data Services 3.0', 'Adobe LiveCycle Data Services \r\n4.5', 'Adobe LiveCycle Data Services \r\n4.6', 'Adobe LiveCycle Data Services \r\n4.7']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "77626"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5255"
    }
  },
  "description": "Adobe ColdFusion\u662f\u4e00\u4e2a\u52a8\u6001Web\u670d\u52a1\u5668,\u5176CFML\u662f\u4e00\u79cd\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00,\u7c7b\u4f3c\u73b0\u5728\u7684JSP\u91cc\u7684JSTL\u3002Adobe LiveCycle Data Services\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u90e8\u7f72\u5728\u5e94\u7528\u670d\u52a1\u5668\u4e0a\u5e76\u6574\u5408\u4e86RIA\u5e94\u7528\u548cJ2EE\u7b49\u4f01\u4e1a\u5e94\u7528\u7684\u670d\u52a1\u5668\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aAdobe\u4ea7\u54c1\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "James Kettle of PortSwigger Web Security",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.adobe.com/\r\nhttp://www.adobe.com/products/coldfusion-family.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07736",
  "openTime": "2015-11-23",
  "patchDescription": "Adobe ColdFusion\u662f\u4e00\u4e2a\u52a8\u6001Web\u670d\u52a1\u5668,\u5176CFML\u662f\u4e00\u79cd\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00,\u7c7b\u4f3c\u73b0\u5728\u7684JSP\u91cc\u7684JSTL\u3002\r\nAdobe LiveCycle Data Services\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u90e8\u7f72\u5728\u5e94\u7528\u670d\u52a1\u5668\u4e0a\u5e76\u6574\u5408\u4e86RIA\u5e94\u7528\u548cJ2EE\u7b49\u4f01\u4e1a\u5e94\u7528\u7684\u670d\u52a1\u5668\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aAdobe\u4ea7\u54c1\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aAdobe\u4ea7\u54c1\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe ColdFusion 10(\u003cUpdate 18)",
      "Adobe ColdFusion  11(\u003cUpdate 7)",
      "Adobe LiveCycle Data Services 3.0",
      "Adobe LiveCycle Data Services \r\n4.5",
      "Adobe LiveCycle Data Services \r\n4.6",
      "Adobe LiveCycle Data Services \r\n4.7"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5255\r\nhttp://www.securityfocus.com/bid/77626",
  "serverity": "\u4e2d",
  "submitTime": "2015-11-19",
  "title": "\u591a\u4e2aAdobe\u4ea7\u54c1\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2015-5255 (GCVE-0-2015-5255)

Vulnerability from cvelistv5

Published

2015-11-18 21:00

Modified

2024-08-06 06:41

Severity ?

CWE

Summary

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

References

▼	URL	Tags
	http://marc.info/?l=bugtraq&m=145996963420108&w=2	vendor-advisory, x_refsource_HP
	https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html	x_refsource_MISC
	http://www.securitytracker.com/id/1034210	vdb-entry, x_refsource_SECTRACK
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2015-0008.html	x_refsource_CONFIRM
	https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/536958/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/77626	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBST03568",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
          },
          {
            "name": "1034210",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034210"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
          },
          {
            "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
          },
          {
            "name": "77626",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77626"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBST03568",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
        },
        {
          "name": "1034210",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034210"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
        },
        {
          "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
        },
        {
          "name": "77626",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77626"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5255",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBST03568",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2"
            },
            {
              "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
            },
            {
              "name": "1034210",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034210"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
            },
            {
              "name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
            },
            {
              "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
            },
            {
              "name": "77626",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77626"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5255",
    "datePublished": "2015-11-18T21:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted