CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
References
Link Resource
http://secunia.com/advisories/38543 Broken Link
http://securitytracker.com/id?1023584 Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/security/bulletins/apsb10-05.html Not Applicable Vendor Advisory
http://www.osvdb.org/62292 Broken Link
http://www.securityfocus.com/bid/38197 Broken Link Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41855/ Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/38543 Broken Link
http://securitytracker.com/id?1023584 Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/security/bulletins/apsb10-05.html Not Applicable Vendor Advisory
http://www.osvdb.org/62292 Broken Link
http://www.securityfocus.com/bid/38197 Broken Link Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41855/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:lifecycle:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:lifecycle:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:lifecycle:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:lifecycle_data_services:3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type Values Removed Values Added
References () http://secunia.com/advisories/38543 - Broken Link () http://secunia.com/advisories/38543 - Broken Link
References () http://securitytracker.com/id?1023584 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1023584 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.adobe.com/support/security/bulletins/apsb10-05.html - Not Applicable, Vendor Advisory () http://www.adobe.com/support/security/bulletins/apsb10-05.html - Not Applicable, Vendor Advisory
References () http://www.osvdb.org/62292 - Broken Link () http://www.osvdb.org/62292 - Broken Link
References () http://www.securityfocus.com/bid/38197 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/38197 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/41855/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/41855/ - Exploit, Third Party Advisory, VDB Entry

16 Jul 2024, 17:43

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : unknown
v2 : 4.3
v3 : 6.5
References () http://secunia.com/advisories/38543 - () http://secunia.com/advisories/38543 - Broken Link
References () http://securitytracker.com/id?1023584 - () http://securitytracker.com/id?1023584 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.adobe.com/support/security/bulletins/apsb10-05.html - Vendor Advisory () http://www.adobe.com/support/security/bulletins/apsb10-05.html - Not Applicable, Vendor Advisory
References () http://www.osvdb.org/62292 - () http://www.osvdb.org/62292 - Broken Link
References () http://www.securityfocus.com/bid/38197 - () http://www.securityfocus.com/bid/38197 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/41855/ - () https://www.exploit-db.com/exploits/41855/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2010-02-15 18:30

Updated : 2024-11-21 01:08


NVD link : CVE-2009-3960

Mitre link : CVE-2009-3960

CVE.ORG link : CVE-2009-3960


JSON object : View

Products Affected

adobe

  • blazeds
  • coldfusion
  • flex_data_services
  • lifecycle_data_services
  • lifecycle