CVE-2015-5255

Published: Nov 18, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

Affected (8)

Products: Hp: Xp7 Command View Advanced Edition, Xp P9000 Command View Advanced Edition · Adobe: Coldfusion, Livecycle Data Services

2 products

Xp7 Command View Advanced Edition

Xp P9000 Command View Advanced Edition

2 products

Livecycle Data Services

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hp Xp7 Command View Advanced Edition	All versions
Hp Xp P9000 Command View Advanced Edition	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Up to 10.0
Adobe Coldfusion	Up to 11.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Adobe Livecycle Data Services	Version 3.0
Adobe Livecycle Data Services	Version 4.5
Adobe Livecycle Data Services	Version 4.6
Adobe Livecycle Data Services	Version 4.7

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://marc.info/?l=bugtraq&m=145996963420108&w=2

Source: secalert@redhat.com

Third Party Advisory

http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/536958/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/77626

Source: secalert@redhat.com

http://www.securitytracker.com/id/1034210

Source: secalert@redhat.com

http://www.vmware.com/security/advisories/VMSA-2015-0008.html

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670

Source: secalert@redhat.com

Third Party Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html

Source: secalert@redhat.com

PatchVendor Advisory

https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html

Source: secalert@redhat.com

PatchVendor Advisory

http://marc.info/?l=bugtraq&m=145996963420108&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/536958/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/77626

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034210

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2015-0008.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.