CVE-2015-5255

CVE Database · CVE-2015-5255

CVE-2015-5255

· N/AModified

CVSS v3.1

N/A

EPSS

4.48%

Published

Nov 18, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

Weaknesses (CWE)

CWE-20

Affected Products (8)

hp · xp_p9000_command_view_advanced_editionvulnerable

hp · xp7_command_view_advanced_editionvulnerable

adobe · coldfusionvulnerable

adobe · livecycle_data_servicesvulnerable

References (18)

http://marc.info/?l=bugtraq&m=145996963420108&w=2

Third Party Advisory

http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html

http://www.securityfocus.com/archive/1/536958/100/0/threaded