Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Bugtraq ID: 38197
Class: Input Validation Error
CVE: CVE-2009-3960
Remote: Yes
Local: No
Published: Feb 11 2010 12:00AM
Updated: Mar 05 2010 09:02PM
Credit: Roberto Suggi Liverani of Security-Assessment.com
Vulnerable: Adobe LiveCycle Data Services 2.6.1
Adobe LiveCycle Data Services 2.5.1
Adobe LiveCycle Data Services 3.0
Adobe LiveCycle 8.2.1
Adobe LiveCycle 8.0.1
Adobe LiveCycle 9.0
Adobe Flex Data Services 2.0.1
Adobe ColdFusion 8.0.1
Adobe ColdFusion 7.0.2
Adobe ColdFusion 9.0
Adobe ColdFusion 8.0
Adobe ColdFusion 8
Adobe BlazeDS 3.2
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus