返回 CVE 浏览器

CVE-2009-3960

Known Exploited (CISA KEV)MEDIUM

6.5

CVSS Severity Score

EPSS Score75.2400%

EPSS Percentile89.87th

Published2010年2月15日

Last Modified2026年4月21日

Vulnerability Description

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

Affected Platforms (CPE)

📦

Adobe

Blazeds

<= 3.2

📦

Adobe

Coldfusion

= 7.0.2

📦

Adobe

Coldfusion

= 8.0

📦

Adobe

Coldfusion

= 8.0.1

📦

Adobe

Coldfusion

= 9.0

📦

Adobe

Flex Data Services

= 2.0.1

📦

Adobe

Livecycle

= 8.0.1

📦

Adobe

Livecycle

= 8.2.1

📦

Adobe

Livecycle

= 9.0

📦

Adobe

Livecycle Data Services

= 2.5.1

📦

Adobe

Livecycle Data Services

= 2.6.1

📦

Adobe

Livecycle Data Services

= 3.0

References & Advisories

🔗 http://secunia.com/advisories/38543

🔗 http://securitytracker.com/id?1023584

🔗 http://www.adobe.com/support/security/bulletins/apsb10-05.html

🔗 http://www.osvdb.org/62292

🔗 http://www.securityfocus.com/bid/38197

🔗 https://www.exploit-db.com/exploits/41855/

🔗 http://secunia.com/advisories/38543

🔗 http://securitytracker.com/id?1023584

相关漏洞威胁

CVE-2011-209210.0

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restri...

CVE-2017-56419.8

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deseriali...

CVE-2017-30669.8

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java d...

CVE-2018-147199.8

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block ...