CVE-2009-3960

KEV
Published: Feb 15, 2010 Last Modified: Ott 22, 2025
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,8874
Percentile
1,0th
Updated

EPSS Score Trend (Last 91 Days)

Exploit

Adobe (Multiple Products) - XML External Entity / …

Verified

Adobe (Multiple Products) - XML External Entity / XML Injection

Author: Roberto Suggi Liverani Published: Status: Verified
View Exploit Code →
Exploit

Adobe (Multiple Products) - XML Injection File Content …

Adobe (Multiple Products) - XML Injection File Content Disclosure

Author: Tess Sluyter Published:
View Exploit Code →
Application

Coldfusion by Adobe

Product Information
Vendor Adobe
Product Coldfusion
Version 9.0
cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Livecycle Data Services by Adobe

Product Information
Vendor Adobe
Product Livecycle Data Services
Version 2.5.1
cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Coldfusion by Adobe

Product Information
Vendor Adobe
Product Coldfusion
Version 8.0.1
cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Livecycle Data Services by Adobe

Product Information
Vendor Adobe
Product Livecycle Data Services
Version 3.0
cpe:2.3:a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Livecycle by Adobe

Product Information
Vendor Adobe
Product Livecycle
Version 8.0.1
cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Livecycle by Adobe

Product Information
Vendor Adobe
Product Livecycle
Version 8.2.1
cpe:2.3:a:adobe:livecycle:8.2.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Blazeds by Adobe

Product Information
Vendor Adobe
Product Blazeds
Version Range Affected
To 3.2 (inclusive)
cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Coldfusion by Adobe

Product Information
Vendor Adobe
Product Coldfusion
Version 7.0.2
cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Flex Data Services by Adobe

Product Information
Vendor Adobe
Product Flex Data Services
Version 2.0.1
cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Livecycle Data Services by Adobe

Product Information
Vendor Adobe
Product Livecycle Data Services
Version 2.6.1
cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Coldfusion by Adobe

Product Information
Vendor Adobe
Product Coldfusion
Version 8.0
cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Livecycle by Adobe

Product Information
Vendor Adobe
Product Livecycle
Version 9.0
cpe:2.3:a:adobe:livecycle:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009…
http://secunia.com/advisories/38543
http://secunia.com/advisories/38543
http://securitytracker.com/id?1023584
http://securitytracker.com/id?1023584
https://www.exploit-db.com/exploits/41855/
https://www.exploit-db.com/exploits/41855/
http://www.adobe.com/support/security/bulletins/apsb10-05.h…
http://www.adobe.com/support/security/bulletins/apsb10-05.html
http://www.osvdb.org/62292
http://www.osvdb.org/62292
http://www.securityfocus.com/bid/38197
http://www.securityfocus.com/bid/38197
http://secunia.com/advisories/38543
http://secunia.com/advisories/38543
http://securitytracker.com/id?1023584
http://securitytracker.com/id?1023584
https://www.exploit-db.com/exploits/41855/
https://www.exploit-db.com/exploits/41855/
http://www.adobe.com/support/security/bulletins/apsb10-05.h…
http://www.adobe.com/support/security/bulletins/apsb10-05.html
http://www.osvdb.org/62292
http://www.osvdb.org/62292
http://www.securityfocus.com/bid/38197
http://www.securityfocus.com/bid/38197