CVE-2009-3960

Published: 15/02/2010 Updated: 16/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 470
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Unspecified vulnerability in BlazeDS 3.2 and previous versions, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote malicious users to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

Vulnerable Product

adobe lifecycle data services 3.0

adobe flex data services 2.0.1

adobe lifecycle data services 2.5.1

adobe lifecycle data services 2.6.1

adobe coldfusion 9.0

adobe lifecycle 8.2.1

adobe lifecycle 9.0

adobe coldfusion 8.0.1

adobe blazeds

adobe lifecycle 8.0.1

adobe coldfusion 7.0.2

adobe coldfusion 8.0

Exploits

Security-Assessment.com discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity (XXE) and XML injection attacks ...
#!/bin/bash
#
# Exploit Title: Adobe XML Injection file content disclosure
# Date: 07-04-2017
# Exploit Author: Thomas Sluyter
# Website: www.kilala.nl
# Vendor Homepage: www.adobe.com/support/security/bulletins/apsb10-05.html
# Version: Multiple Adobe products
# Tested on: Windows Server 2003, ColdFusion 8.0 Enterprise
# CVE : 2009- ...