CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/38543	Broken Link
http://securitytracker.com/id?1023584	Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/security/bulletins/apsb10-05.html	Not Applicable Vendor Advisory
http://www.osvdb.org/62292	Broken Link
http://www.securityfocus.com/bid/38197	Broken Link Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41855/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:blazeds::::::::
	cpe:2.3:a:adobe:coldfusion:7.0.2:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0.1:::::::*
	cpe:2.3:a:adobe:coldfusion:9.0:::::::*
	cpe:2.3:a:adobe:flex_data_services:2.0.1:::::::*
	cpe:2.3:a:adobe:lifecycle:8.0.1:::::::*
	cpe:2.3:a:adobe:lifecycle:8.2.1:::::::*
	cpe:2.3:a:adobe:lifecycle:9.0:::::::*
	cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:::::::*
	cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:::::::*
	cpe:2.3:a:adobe:lifecycle_data_services:3.0:::::::*

History

No history.

Information

Published : 2010-02-15 18:30

Updated : 2024-07-16 17:43

NVD link : CVE-2009-3960

Mitre link : CVE-2009-3960

CVE.ORG link : CVE-2009-3960

JSON object : View

Products Affected

adobe

lifecycle
lifecycle_data_services
blazeds
coldfusion
flex_data_services

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-3960", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2010-02-15T18:30:00.407", "references": [{"url": "http://secunia.com/advisories/38543", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://securitytracker.com/id?1023584", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html", "tags": ["Not Applicable", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.osvdb.org/62292", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/38197", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "https://www.exploit-db.com/exploits/41855/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en BlazeDS v3.2 y anteriores, tal como es utilizado en LiveCycle v8.0.1, v8.2.1 y v9.0, LiveCycle Data Services v2.5.1, v2.6.1 y v3.0, Flex Data Services v2.0.1 y ColdFusion v7.0.2, v8.0, v8.0.1 y v9.0. Permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de vectores de ataque asociados con una petici\u00f3n, y relacionados con una etiqueta inyectada y una referencia a una entidad externa en documentos XML."}], "lastModified": "2024-07-16T17:43:31.150", "cisaActionDue": "2022-09-07", "cisaExploitAdd": "2022-03-07", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEF7C97E-BE99-415D-B12B-D3E7BD9EDF08", "versionEndIncluding": "3.2"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B015715F-9672-480E-B0AA-968D8C9070D5"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD6C1877-7412-4FBE-9641-334971F9D153"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C8D6AF-EDE1-42BD-A47C-2EF8690299BD"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "113431FB-E4BE-4416-800C-6B13AD1C0E92"}, {"criteria": "cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F65E3F-F3E7-4BE9-A13B-87FFF3B3777E"}, {"criteria": "cpe:2.3:a:adobe:lifecycle:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A1EAAD5-7A00-4EC3-9F97-D2965E2569D8"}, {"criteria": "cpe:2.3:a:adobe:lifecycle:8.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D227BD60-5882-4C73-A642-EEE1E485FC48"}, {"criteria": "cpe:2.3:a:adobe:lifecycle:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3824D1B3-CE8E-488C-B241-BBD764C935F5"}, {"criteria": "cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDF0B56D-E982-44CE-92E8-DA696E33717A"}, {"criteria": "cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18CBBE17-8E63-4A48-997B-850702442394"}, {"criteria": "cpe:2.3:a:adobe:lifecycle_data_services:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3080073F-5BF3-415D-917A-C04DDCEEB311"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Adobe BlazeDS Information Disclosure Vulnerability"}