Home / exploits Apache Flex BlazeDS 4.7.1 SSRF
Posted on 24 November 2015
CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Severity: Important Vendor: The Apache Software Foundation Versions Affected: BlazeDS 4.7.0 and 4.7.1 Description: The code in BlazeDS to deserialize AMF XML datatypes allows so-called SSRF Attacks (Server Side Request Forgery) in which the server could contact a remote service on behalf of the attacker. The attacker could hereby circumvent firewall restrictions. Mitigation: 4.7.x users should upgrade to 4.7.2 Example: For XML object containing the following string representation: <!DOCTYPE foo PUBLIC "-//VSR//PENTEST//EN" "http://protected-server/protected-service"><foo>Some content</foo> The server could access the url: http://protected-server/protected-service Even if directly accessing this resource is prevented by firewall rules. Credit: This issue was discovered by James Kettle of PortSwigger Ltd. References: http://www.vsecurity.com/download/papers/XMLDTDEntityAttacks.pdf Christofer Dutz
