CVE-2015-5255

medium

HPE

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

2.9%

Exploitation probability in 30 days

Top 14% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: November 18, 2015 (3830 days ago)

Last Modified: May 6, 2026

Vendor: HPE

Source: NVD

Description

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

CWE

CWE-20

Affected Products

hp xp p9000 command view advanced editionhp xp7 command view advanced editionadobe coldfusionadobe livecycle data services

References

🔗 marc.info 🔗 packetstormsecurity.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2015-5255

Vulnerability Report

Description

CWE

Affected Products

References