Release DateFeb 02, 2010 |
Severityhigh |
ImpactInformation Disclosure: Remote attackers can gain sensitive information from vulnerable systems. |
DescriptionThis indicates an attempt to exploit an XML External Entity Injection vulnerability in Adobe BlazeDS.The vulnerability is a result of the application's failure to properly sanitize user input before using it in XML. It allows a remote attacker to execute arbitrary code via sending a crafted web page. |
Affected ProductsBlazeDS 3.2 and earlier versionsLiveCycle 9.0, 8.2.1, and 8.0.1 LiveCycle Data Services 3.0, 2.6.1, and 2.5.1 Flex Data Services 2.0.1 ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 |
Recommended ActionsApply the latest update from the vendor. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-3960 |
Reference/shttp://www.adobe.com/support/security/bulletins/apsb10-05.html |
