CVE-2015-5255

2015-11-1821:59:00

CWE-20

[email protected]

web.nvd.nist.gov

adobe

blazeds

coldfusion

livecycle data services

cve-2015-5255

ssrf

security vulnerability

http

xml

nvd

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

CPENameOperatorVersion
hp:xp7_command_view_advanced_editionhp xp7 command view advanced editioneq-
hp:xp_p9000_command_view_advanced_editionhp xp p9000 command view advanced editioneq-
adobe:coldfusionadobe coldfusionle10.0
adobe:coldfusionadobe coldfusionle11.0
adobe:livecycle_data_servicesadobe livecycle data serviceseq4.6
adobe:livecycle_data_servicesadobe livecycle data serviceseq3.0
adobe:livecycle_data_servicesadobe livecycle data serviceseq4.7
adobe:livecycle_data_servicesadobe livecycle data serviceseq4.5

CPE	Name	Operator	Version
hp:xp7_command_view_advanced_edition	hp xp7 command view advanced edition	eq	-
hp:xp_p9000_command_view_advanced_edition	hp xp p9000 command view advanced edition	eq	-
adobe:coldfusion	adobe coldfusion	le	10.0
adobe:coldfusion	adobe coldfusion	le	11.0
adobe:livecycle_data_services	adobe livecycle data services	eq	4.6
adobe:livecycle_data_services	adobe livecycle data services	eq	3.0
adobe:livecycle_data_services	adobe livecycle data services	eq	4.7
adobe:livecycle_data_services	adobe livecycle data services	eq	4.5