CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securitytracker.com/id?1023584
http://www.securityfocus.com/bid/38197
http://www.osvdb.org/62292
http://www.adobe.com/support/security/bulletins/apsb10-05.html	Vendor Advisory
http://secunia.com/advisories/38543
https://www.exploit-db.com/exploits/41855/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:lifecycle_data_services:3.0:::::::*
	cpe:2.3:a:adobe:flex_data_services:2.0.1:::::::*
	cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:::::::*
	cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:::::::*
	cpe:2.3:a:adobe:coldfusion:9.0:::::::*
	cpe:2.3:a:adobe:lifecycle:8.2.1:::::::*
	cpe:2.3:a:adobe:lifecycle:9.0:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0.1:::::::*
	cpe:2.3:a:adobe:blazeds::::::::
	cpe:2.3:a:adobe:lifecycle:8.0.1:::::::*
	cpe:2.3:a:adobe:coldfusion:7.0.2:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0:::::::*

Information

Published : 2010-02-15 10:30

Updated : 2017-08-15 18:29

NVD link : CVE-2009-3960

Mitre link : CVE-2009-3960

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

adobe

flex_data_services
coldfusion
blazeds
lifecycle
lifecycle_data_services

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://securitytracker.com/id?1023584", "name": "1023584", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/38197", "name": "38197", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/62292", "name": "62292", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html", "name": "http://www.adobe.com/support/security/bulletins/apsb10-05.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/38543", "name": "38543", "tags": [], "refsource": "SECUNIA"}, {"url": "https://www.exploit-db.com/exploits/41855/", "name": "41855", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-3960", "ASSIGNER": "psirt@adobe.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-02-15T18:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:lifecycle_data_services:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:lifecycle:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:lifecycle:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.2"}, {"cpe23Uri": "cpe:2.3:a:adobe:lifecycle:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-16T01:29Z"}

4.3 /10