CVE ID:	CVE-2015-5255
Description:	Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5255 BugTraq ID: 77626 http://www.securityfocus.com/bid/77626 Bugtraq: 20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 (Google Search) http://www.securityfocus.com/archive/1/536958/100/0/threaded HPdes Security Advisory: HPSBST03568 http://marc.info/?l=bugtraq&m=145996963420108&w=2 http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html http://www.securitytracker.com/id/1034210