CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/38543	Broken Link
http://securitytracker.com/id?1023584	Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/security/bulletins/apsb10-05.html	Not Applicable Vendor Advisory
http://www.osvdb.org/62292	Broken Link
http://www.securityfocus.com/bid/38197	Broken Link Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41855/	Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/38543	Broken Link
https://www.exploit-db.com/exploits/41855/	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/38197	Broken Link Third Party Advisory VDB Entry
http://www.osvdb.org/62292	Broken Link
http://www.adobe.com/support/security/bulletins/apsb10-05.html	Not Applicable Vendor Advisory
http://securitytracker.com/id?1023584	Broken Link Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion:7.0.2:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0:::::::*
	cpe:2.3:a:adobe:coldfusion:9.0:::::::*
	cpe:2.3:a:adobe:blazeds::::::::
	cpe:2.3:a:adobe:livecycle_data_services:3.0:::::::*
	cpe:2.3:a:adobe:flex_data_services:2.0.1:::::::*
	cpe:2.3:a:adobe:livecycle:9.0:::::::*
	cpe:2.3:a:adobe:livecycle:8.2.1:::::::*
	cpe:2.3:a:adobe:livecycle_data_services:2.6.1:::::::*
	cpe:2.3:a:adobe:livecycle:8.0.1:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0.1:::::::*
	cpe:2.3:a:adobe:livecycle_data_services:2.5.1:::::::*

History

05 Feb 2025, 13:58

Type	Values Removed	Values Added
CPE	cpe:2.3:a:adobe:lifecycle_data_services:3.0:::::::* cpe:2.3:a:adobe:lifecycle:8.2.1:::::::* cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:::::::* cpe:2.3:a:adobe:lifecycle:9.0:::::::* cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:::::::* cpe:2.3:a:adobe:lifecycle:8.0.1:::::::*	cpe:2.3:a:adobe:livecycle_data_services:2.5.1:::::::* cpe:2.3:a:adobe:livecycle:8.0.1:::::::* cpe:2.3:a:adobe:livecycle_data_services:2.6.1:::::::* cpe:2.3:a:adobe:livecycle:8.2.1:::::::* cpe:2.3:a:adobe:livecycle_data_services:3.0:::::::* cpe:2.3:a:adobe:livecycle:9.0:::::::*
First Time		Adobe livecycle Adobe livecycle Data Services

19 Dec 2024, 18:09

Type	Values Removed	Values Added
References	~~(BID) http://www.securityfocus.com/bid/38197 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/38197 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SECUNIA) http://secunia.com/advisories/38543 - Broken Link~~	() http://secunia.com/advisories/38543 - Broken Link
References	~~(SECTRACK) http://securitytracker.com/id?1023584 - Broken Link, Third Party Advisory, VDB Entry~~	() http://securitytracker.com/id?1023584 - Broken Link, Third Party Advisory, VDB Entry
References	~~(EXPLOIT-DB) https://www.exploit-db.com/exploits/41855/ - Exploit, Third Party Advisory, VDB Entry~~	() https://www.exploit-db.com/exploits/41855/ - Exploit, Third Party Advisory, VDB Entry
References	~~(OSVDB) http://www.osvdb.org/62292 - Broken Link~~	() http://www.osvdb.org/62292 - Broken Link
References	~~(CONFIRM) http://www.adobe.com/support/security/bulletins/apsb10-05.html - Not Applicable, Vendor Advisory~~	() http://www.adobe.com/support/security/bulletins/apsb10-05.html - Not Applicable, Vendor Advisory

16 Jul 2024, 17:43

Type	Values Removed	Values Added
CVSS	v2 : ~~4.3~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 6.5
References	~~(BID) http://www.securityfocus.com/bid/38197 -~~	(BID) http://www.securityfocus.com/bid/38197 - Broken Link, Third Party Advisory, VDB Entry
References	~~(OSVDB) http://www.osvdb.org/62292 -~~	(OSVDB) http://www.osvdb.org/62292 - Broken Link
References	~~(SECTRACK) http://securitytracker.com/id?1023584 -~~	(SECTRACK) http://securitytracker.com/id?1023584 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SECUNIA) http://secunia.com/advisories/38543 -~~	(SECUNIA) http://secunia.com/advisories/38543 - Broken Link
References	~~(CONFIRM) http://www.adobe.com/support/security/bulletins/apsb10-05.html - Vendor Advisory~~	(CONFIRM) http://www.adobe.com/support/security/bulletins/apsb10-05.html - Not Applicable, Vendor Advisory
References	~~(EXPLOIT-DB) https://www.exploit-db.com/exploits/41855/ -~~	(EXPLOIT-DB) https://www.exploit-db.com/exploits/41855/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2010-02-15 18:30

Updated : 2025-02-05 13:58

NVD link : CVE-2009-3960

Mitre link : CVE-2009-3960

JSON object : View

Products Affected

adobe

coldfusion
flex_data_services
livecycle
blazeds
livecycle_data_services

CWE

NVD-CWE-noinfo

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2009-3960

6.5^/10

4.3^/10

Attach tags to `CVE-2009-3960`