1. CVE-Search
  2. CVE-2009-3960
ID CVE-2009-3960
Summary Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:lifecycle:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:lifecycle:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:lifecycle:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:lifecycle:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:lifecycle:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:lifecycle:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:lifecycle_data_services:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:lifecycle_data_services:3.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-08-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
d2sec via4
name Adobe XML External Entity File Disclosure
url http://www.d2sec.com/exploits/adobe_xml_external_entity_file_disclosure.html
refmap via4
bid 38197
confirm http://www.adobe.com/support/security/bulletins/apsb10-05.html
exploit-db 41855
osvdb 62292
sectrack 1023584
secunia 38543
Last major update 16-08-2017 - 01:29
Published 15-02-2010 - 18:30
Last modified 16-08-2017 - 01:29
Back to Top