CVE-2009-3960

Sažetak

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

Reference

http://secunia.com/advisories/38543
http://securitytracker.com/id?1023584
http://www.adobe.com/support/security/bulletins/apsb10-05.html
http://www.osvdb.org/62292
http://www.securityfocus.com/bid/38197
https://www.exploit-db.com/exploits/41855/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

16-07-2024 - 17:43

Objavljeno

15-02-2010 - 18:30