Vigil@nce - Adobe LiveCycle Data Services: Server Side Request Forgery of BlazeDS
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Server Side Request Forgery in BlazeDS
of Adobe LiveCycle Data Services, in order to access filtered
web services.
– Impacted products: Adobe LiveCycle.
– Severity: 2/4.
– Creation date: 18/11/2015.
DESCRIPTION OF THE VULNERABILITY
The Adobe LiveCycle Data Services product uses BlazeDS (shipped as
flex-messaging-core.jar) to exchange messages.
However, using specially crafted XML data, an attacker can force BlazeDS
to send a request to a private server. This vulnerability of BlazeDS is
described in VIGILANCE-VUL-18568.
An attacker can therefore trigger a Server Side Request Forgery in
BlazeDS of Adobe LiveCycle Data Services, in order to access
filtered web services.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN