Improper input validation in Adobe Coldfusion
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.029 (86.6th percentile) — read the EPSS interpretation.
Affected products
- Adobe Coldfusion
- Adobe Livecycle_data_services — versions 3.0, 4.5, 4.6
- Hp Xp7_command_view_advanced_edition
- Hp Xp_p9000_command_view_advanced_edition
- N/a — versions n/a
Weakness classification (CWE)
References
- HPSBST03568 (x_refsource_HP, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secalert@redhat.com (x_refsource_MISC)
- 1034210 (vdb-entry, x_refsource_SECTRACK)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 (mailing-list, x_refsource_BUGTRAQ)
- 77626 (vdb-entry, x_refsource_BID)