Computer Security
[EN] securityvulns.ru no-pyccku


Adobe multiple server application information leak
Published:25.02.2010
Source:
SecurityVulns ID:10649
Type:remote
Threat Level:
8/10
Description:It's possible to access loca files by AMFX request with XML External Entities.
Affected:ADOBE : BlazeDS 3.2
 ADOBE : LiveCycle Data Services ES2 3.0
 ADOBE : ColdFusion 9.0
CVE:CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.)
Original documentdocumentRoberto Suggi, Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities (25.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod