[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1
From: "Christofer Dutz" <cdutz () apache ! org>
Date: 2015-11-23 14:17:09
Message-ID: op.x8j4mv0bn9yd54 () christofers-macbook-pro ! local
[Download RAW message or body]
CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: BlazeDS 4.7.0 and 4.7.1
Description: The code in BlazeDS to deserialize AMF XML datatypes allows=
so-called SSRF Attacks
(Server Side Request Forgery) in which the server could contact a remote=
service on
behalf of the attacker. The attacker could hereby circumvent firewall
restrictions.
Mitigation: 4.7.x users should upgrade to 4.7.2
Example: For XML object containing the following string representation:
<!DOCTYPE foo PUBLIC "-//VSR//PENTEST//EN"
"http://protected-server/protected-service"><foo>Some content</foo>
The server could access the url:
http://protected-server/protected-service
Even if directly accessing this resource is prevented by firewall rules.=
Credit: This issue was discovered by =EF=BB=BFJames Kettle of PortSwigge=
r Ltd.
References:
http://www.vsecurity.com/download/papers/XMLDTDEntityAttacks.pdf
Christofer Dutz
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic