Vulnerability CVE-2015-5255 - CERT Civis.Net

Vulnerability Name:

CVE-2015-5255 (CCN-108104)

Assigned:

2015-11-17

Published:

2015-11-17

Updated:

2020-09-04

Summary:

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

CVSS v3 Severity:

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-5255

Source: CCN
Type: Apache Web site
Flex BlazeDS

Source: HP
Type: Third Party Advisory
HPSBST03568

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html

Source: CCN
Type: Bugtraq Mailing List, Mon, 23 Nov 2015 15:17:09 +0100
CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1

Source: BUGTRAQ
Type: UNKNOWN
20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1

Source: BID
Type: UNKNOWN
77626

Source: CCN
Type: BID-77626
Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1034210

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2015-0008.html

Source: XF
Type: UNKNOWN
adobe-coldfusion-cve20155255-ssrf(108104)

Source: CONFIRM
Type: Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670

Source: CCN
Type: Adobe Security Bulletin APSB15-29
Security Update: Hotfix available for ColdFusion

Source: CONFIRM
Type: Patch, Vendor Advisory
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html

Source: CCN
Type: Adobe Security Bulletin APSB15-30
Security Update Available for LiveCycle Data Services

Source: CONFIRM
Type: Patch, Vendor Advisory
https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html

Source: CCN
Type: Packet Storm Security [11-23-2015]
Apache Flex BlazeDS 4.7.1 SSRF

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-5255

Vulnerable Configuration:

Configuration 1:

cpe:/a:hp:xp7_command_view_advanced_edition:-:*:*:*:*:*:*:*

OR cpe:/a:hp:xp_p9000_command_view_advanced_edition:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:coldfusion:*:update17:*:*:*:*:*:* (Version <= 10.0)

OR cpe:/a:adobe:coldfusion:*:update6:*:*:*:*:*:* (Version <= 11.0)

Configuration 3:

cpe:/a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:livecycle_data_services:4.5:*:*:*:*:*:*:*

OR cpe:/a:adobe:livecycle_data_services:4.6:*:*:*:*:*:*:*

OR cpe:/a:adobe:livecycle_data_services:4.7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:livecycle_data_services:3.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:coldfusion:10.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:coldfusion:11.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:livecycle_data_services:4.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:livecycle_data_services:4.5:*:*:*:*:*:*:*

OR cpe:/a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*

Denotes that component is vulnerable