Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2015-11-18T21:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2015-07-01T00:00:00
Link: CVE-2015-5255
JSON object: View
NVD Information
Status : Modified
Published: 2015-11-18T21:59:00.130
Modified: 2020-09-04T14:05:50.570
Link: CVE-2015-5255
JSON object: View
Redhat Information
No data.
CWE