← back
CVE-2015-5255

CVE-2015-5255

EPSS 4.5%
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=145996963420108&w=2http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670https://helpx.adobe.com/security/products/coldfusion/apsb15-29.htmlhttps://helpx.adobe.com/security/products/livecycleds/apsb15-30.htmlhttp://www.securityfocus.com/archive/1/536958/100/0/threadedhttp://www.securityfocus.com/bid/77626http://www.securitytracker.com/id/1034210http://www.vmware.com/security/advisories/VMSA-2015-0008.html