CVE-2009-3960
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/02/2010
Last modified:
11/04/2025
Description
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:* | 3.2 (including) | |
| cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:livecycle:8.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:livecycle:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/38543
- http://securitytracker.com/id?1023584=
- http://www.adobe.com/support/security/bulletins/apsb10-05.html
- http://www.osvdb.org/62292
- http://www.securityfocus.com/bid/38197
- https://www.exploit-db.com/exploits/41855/
- http://secunia.com/advisories/38543
- http://securitytracker.com/id?1023584=
- http://www.adobe.com/support/security/bulletins/apsb10-05.html
- http://www.osvdb.org/62292
- http://www.securityfocus.com/bid/38197
- https://www.exploit-db.com/exploits/41855/