Improper Input Validation Affecting org.apache.flex.blazeds:flex-messaging-core Open this link in a new tab package, versions [,4.7.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
24 Nov 2015
18 Nov 2015
How to fix?
org.apache.flex.blazeds:flex-messaging-core to version 4.7.1 or higher.
org.apache.flex.blazeds:flex-messaging-core is a flex messaging core component for blazDS
Affected versions of this package are vulnerable to Improper Input Validation. It allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.