Vulnerability Details CVE-2009-3960
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.896
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Proposed Action
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
Ransomware Campaign
Known
References
- http://secunia.com/advisories/38543
- http://securitytracker.com/id?1023584
- http://www.adobe.com/support/security/bulletins/apsb10-05.html
- http://www.osvdb.org/62292
- http://www.securityfocus.com/bid/38197
- https://www.exploit-db.com/exploits/41855/
- http://secunia.com/advisories/38543
- http://securitytracker.com/id?1023584
- http://www.adobe.com/support/security/bulletins/apsb10-05.html
- http://www.osvdb.org/62292
- http://www.securityfocus.com/bid/38197
- https://www.exploit-db.com/exploits/41855/
Products affected by CVE-2009-3960
-
cpe:2.3:a:adobe:blazeds:*
-
cpe:2.3:a:adobe:coldfusion:7.0.2
-
cpe:2.3:a:adobe:coldfusion:8.0
-
cpe:2.3:a:adobe:coldfusion:8.0.1
-
cpe:2.3:a:adobe:coldfusion:9.0
-
cpe:2.3:a:adobe:flex_data_services:2.0.1
-
cpe:2.3:a:adobe:livecycle:8.0.1
-
cpe:2.3:a:adobe:livecycle:8.2.1
-
cpe:2.3:a:adobe:livecycle:9.0
-
cpe:2.3:a:adobe:livecycle_data_services:2.5.1
-
cpe:2.3:a:adobe:livecycle_data_services:2.6.1
-
cpe:2.3:a:adobe:livecycle_data_services:3.0