CVE-2015-5255

Currently unrated

Key Information:

Vendor: HP
Status: Xp7 Command View Advanced Edition; Xp P9000 Command View Advanced Edition
Vendor: CVE Published:; 18 November 2015

Summary

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

References

http://marc.info/?l=bugtraq&m=145996963420108&w=2

vendor-advisoryx_refsource_HP

https://helpx.adobe.com/security/products/coldfusion/apsb...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/134506/Apache-Flex-B...

x_refsource_MISC

Timeline

Vulnerability published
Nov 18, 2015
Vulnerability Reserved
Jul 1, 2015