JVNDB-2015-004431

JVNDB-2015-004431
Adobe LiveCycle Data Services �ｽﾈどの撰ｿｽ�ｽi�ｽ�ｽ flex-messaging-core.jar �ｽﾅ使�ｽp�ｽ�ｽ�ｽ�ｽ�ｽ Apache Flex BlazeDS �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽC�ｽﾓのフ�ｽ@�ｽC�ｽ�ｽ�ｽ�ｽﾇまゑｿｽ�ｽﾆ弱性
�ｽT�ｽv
Adobe LiveCycle Data Services (LCDS) �ｽﾈどの撰ｿｽ�ｽi�ｽ�ｽ flex-messaging-core.jar �ｽﾅ使�ｽp�ｽ�ｽ�ｽ�ｽ�ｽ Apache Flex BlazeDS �ｽﾉは、�ｽC�ｽﾓのフ�ｽ@�ｽC�ｽ�ｽ�ｽ�ｽﾇまゑｿｽ�ｽﾆ弱性�ｽ�ｽ�ｽ�ｽ�ｽﾝゑｿｽ�ｽﾜゑｿｽ�ｽB �ｽ{�ｽ�ｽ�ｽﾍ、XML �ｽO�ｽ�ｽ�ｽG�ｽ�ｽ�ｽe�ｽB�ｽe�ｽB (XXE) �ｽﾌ厄ｿｽ�ｽﾉ関ゑｿｽ�ｽ�ｽﾆ弱性�ｽﾅゑｿｽ�ｽB
CVSS �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx (CVSS �ｽﾆゑｿｽ?)
CVSS v2 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 5.0 (�ｽx�ｽ�ｽ) [NVD�ｽl] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽO�ｽﾌ認�ｽﾘ要�ｽ�ｽ: �ｽs�ｽv �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽ�ｽ�ｽ�ｽ�ｽI �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽﾈゑｿｽ �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽﾈゑｿｽ
�ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ

�ｽA�ｽh�ｽr�ｽV�ｽX�ｽe�ｽ�ｽ�ｽY Adobe LiveCycle Data Services 3.0.0.354170 �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ 3.0.x Adobe LiveCycle Data Services 4.5.1.354169 �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ 4.5 Adobe LiveCycle Data Services 4.6.2.354169 �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ 4.6.2 Adobe LiveCycle Data Services 4.7.0.354169 �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ 4.7 �ｽ�ｽ�ｽ�ｽ Hitachi Automation Director Hitachi Compute Systems Manager Software (�ｽC�ｽO�ｽ�ｽ) Hitachi Compute Systems Manager Software (�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ) Hitachi Device Manager Software Hitachi IT Operations Director Job Management Partner 1/Automatic Operation Job Management Partner 1/IT Desktop Management 2 - Manager Job Management Partner 1/IT Desktop Management - Manager JP1/Automatic Operation JP1/IT Desktop Management 2 - Manager JP1/IT Desktop Management - Manager
�ｽA�ｽh�ｽr�ｽV�ｽX�ｽe�ｽ�ｽ�ｽY�ｽ�ｽ�ｽi�ｽﾉ関ゑｿｽ�ｽﾄ： Windows �ｽ�ｽ�ｽ�ｽ�ｽ Linux �ｽ�ｽﾅ稼難ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽL�ｽo�ｽ[�ｽW�ｽ�ｽ�ｽ�ｽ�ｽﾌ撰ｿｽ�ｽi�ｽ�ｽ�ｽA�ｽ{�ｽﾆ弱性�ｽﾌ影�ｽ�ｽ�ｽ�ｽ�ｽｯまゑｿｽ�ｽB �ｽ{�ｽﾆ弱性�ｽﾌ影�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽi�ｽﾌ詳細につゑｿｽ�ｽﾄは、�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ HS16-005 �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽm�ｽF�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ
�ｽ�ｽO�ｽﾒにゑｿｽ�ｽA�ｽG�ｽ�ｽ�ｽe�ｽB�ｽe�ｽB�ｽQ�ｽﾆに関連�ｽ�ｽ�ｽ�ｽ XML �ｽO�ｽ�ｽ�ｽG�ｽ�ｽ�ｽe�ｽB�ｽe�ｽB�ｽ骭ｾ�ｽ�ｽ�ｽﾜゑｿｽ AMF �ｽ�ｽ�ｽb�ｽZ�ｽ[�ｽW�ｽ�ｽ�ｽ薰ｵ�ｽﾄ、�ｽC�ｽﾓのフ�ｽ@�ｽC�ｽ�ｽ�ｽ�ｽﾇまゑｿｽ�ｽﾂ能�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾜゑｿｽ�ｽB
�ｽﾎ搾ｿｽ
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ關ｳ�ｽ�ｽ�ｽﾈ対策が鯉ｿｽ�ｽJ�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ�ｽ�ｽQ�ｽﾆゑｿｽ�ｽﾄ適�ｽﾘな対搾ｿｽ�ｽ�ｽ�ｽ�ｽ{�ｽ�ｽ�ｽﾄゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ
�ｽA�ｽh�ｽr�ｽV�ｽX�ｽe�ｽ�ｽ�ｽY Adobe Security Bulletin : APSB15-20 Adobe �ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : APSB15-20 �ｽ�ｽ�ｽ�ｽ Hitachi Software Vulnerability Information : HS16-005 Hitachi Software Vulnerability Information : HS15-028 Hitachi Software Vulnerability Information : HS16-009 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : HS16-005 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : HS15-028 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : HS16-009
CWE�ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽ齬� CWE�ｽﾆゑｿｽ?
�ｽ�ｽ�ｽR�ｽ�ｽ�ｽ�ｽ(CWE-200) [NVD�ｽ]�ｽ�ｽ]
�ｽ�ｽ�ｽﾊ脆弱性�ｽ�ｽ�ｽﾊ子(CVE) CVE�ｽﾆゑｿｽ?
CVE-2015-3269
�ｽQ�ｽl�ｽ�ｽ�ｽ
National Vulnerability Database (NVD) : CVE-2015-3269 �ｽﾖ連�ｽ�ｽ�ｽ�ｽ : CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
�ｽX�ｽV�ｽ�ｽ�ｽ�ｽ
[2015�ｽN08�ｽ�ｽ27�ｽ�ｽ] �ｽf�ｽ�ｽ [2016�ｽN02�ｽ�ｽ15�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (HS16-005) �ｽ�ｽﾇ会ｿｽ [2016�ｽN02�ｽ�ｽ22�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (HS15-028) �ｽ�ｽﾇ会ｿｽ [2016�ｽN03�ｽ�ｽ24�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (HS16-009) �ｽ�ｽﾇ会ｿｽ


�ｽ�ｽ�ｽ\�ｽ�ｽ	2015/08/18
�ｽo�ｽ^�ｽ�ｽ	2015/08/27
�ｽﾅ終�ｽX�ｽV�ｽ�ｽ	2016/03/24

Adobe LiveCycle Data Services �ｽﾈどの撰ｿｽ�ｽi�ｽ�ｽ flex-messaging-core.jar �ｽﾅ使�ｽp�ｽ�ｽ�ｽ�ｽ�ｽ Apache Flex BlazeDS �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽC�ｽﾓのフ�ｽ@�ｽC�ｽ�ｽ�ｽ�ｽﾇまゑｿｽ�ｽﾆ弱性