Vulnerabilities related to adobe - livecycle_data_services
Vulnerability from fkie_nvd
Published
2011-06-16 23:55
Modified
2024-11-21 01:27
Severity
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adobe | blazeds | * | |
adobe | livecycle_data_services | * | |
adobe | livecycle_data_services | 2.5 | |
adobe | livecycle_data_services | 2.5.1 | |
adobe | livecycle_data_services | 2.6 | |
adobe | livecycle_data_services | 2.6.1 | |
adobe | livecycle_data_services | 3 | |
adobe | livecycle | * | |
adobe | livecycle | 6.0 | |
adobe | livecycle | 7.0 | |
adobe | livecycle | 8.0.1 | |
adobe | livecycle | 8.0.1.1 | |
adobe | livecycle | 8.0.1.2 | |
adobe | livecycle | 8.2.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*", "matchCriteriaId": "007166D5-D7B0-486C-B4B6-C239906EF8D3", "versionEndIncluding": "4.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FA36866-F153-47DE-871E-D92DBD8A1C2B", "versionEndIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "289238E6-C234-4191-911C-C6F0E51A3E1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "262ED6C7-3C78-4863-9056-A9D55C7DB6CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8606C261-650F-43AF-BE2D-52DACFB94BBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEFE9CD7-0DB5-4038-AFB5-1B756186605C", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*", "matchCriteriaId": "37973B36-6229-498A-936E-D621E2ED90C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E1BE8C5-F3EA-4F74-8ABE-BB5A7127DED3", "versionEndIncluding": "9.0.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "123AE8CC-080C-4684-9818-CCEC5ACC1E60", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D59B6009-B1B1-4FE1-8330-777473CF9EEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3890CE6C-D8D0-4406-ACE1-9849CFCA72F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "55624316-BCFD-4555-92F0-EF5271B86081", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "89AE5D48-8552-4DB5-97A3-4D401559AB81", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2C91FA2-9DBB-4B06-8DBF-D7951A947087", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\"" }, { "lang": "es", "value": "Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no restringen adecuadamente la creaci\u00f3n de clases durante la deserializaci\u00f3n de la informci\u00f3n (1) AMF y (2) AMFX, lo que permite a atacantestener un impacto no especificado a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2011-2092", "lastModified": "2024-11-21T01:27:34.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-16T23:55:01.527", "references": [ { "source": "psirt@adobe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "source": "psirt@adobe.com", "url": "http://www.securitytracker.com/id?1025656" }, { "source": "psirt@adobe.com", "url": "http://www.securitytracker.com/id?1025657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025657" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-18 21:59
Modified
2024-11-21 02:32
Severity
Summary
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
hp | xp_p9000_command_view_advanced_edition | - | |
hp | xp7_command_view_advanced_edition | - | |
adobe | coldfusion | * | |
adobe | coldfusion | * | |
adobe | livecycle_data_services | 3.0 | |
adobe | livecycle_data_services | 4.5 | |
adobe | livecycle_data_services | 4.6 | |
adobe | livecycle_data_services | 4.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:hp:xp_p9000_command_view_advanced_edition:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CFCE83E-806F-4E38-8F66-CDB19EB4C4B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:xp7_command_view_advanced_edition:-:*:*:*:*:*:*:*", "matchCriteriaId": "49D77644-BF4C-48C1-9D01-B095FF977512", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:coldfusion:*:update17:*:*:*:*:*:*", "matchCriteriaId": "411765D3-5F0C-406B-BBB0-01318810FF9E", "versionEndIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:coldfusion:*:update6:*:*:*:*:*:*", "matchCriteriaId": "7DE7BFC1-F605-4FA0-8B96-803CC1A63EB2", "versionEndIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE5075B-DB11-47F3-9601-F4956ECF5047", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F27B0FB6-04A5-4D6D-9C31-847B924EF836", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "16AB3FE1-2860-4A1D-AC3F-79CE04DC1242", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1172637-AED4-4476-A44B-F7BEF179E9F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) 
issue." }, { "lang": "es", "value": "Adobe BlazeDS, como se utiliza en ColdFusion 10 en versiones anteriores a Update 18 y 11 en versiones anteriores a Update 7 y LiveCycle Data Services 3.0.x en versiones anteriores a 3.0.0.354175, 3.1.x en versiones anteriores a 3.1.0.354180, 4.5.x en versiones anteriores a 4.5.1.354177, 4.6.2.x en versiones anteriores a 4.6.2.354178 y 4.7.x en versiones anteriores a 4.7.0.354178, permite a atacantes remotos enviar tr\u00e1fico HTTP a los servidores de la intranet a trav\u00e9s de un documento XML manipulado, relacionado con un problema Server-Side Request Forgery (SSRF)." } ], "id": "CVE-2015-5255", "lastModified": "2024-11-21T02:32:39.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-11-18T21:59:00.130", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/77626" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1034210" }, { "source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-16 23:55
Modified
2024-11-21 01:27
Severity
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adobe | blazeds | * | |
adobe | livecycle_data_services | * | |
adobe | livecycle_data_services | 2.5 | |
adobe | livecycle_data_services | 2.5.1 | |
adobe | livecycle_data_services | 2.6 | |
adobe | livecycle_data_services | 2.6.1 | |
adobe | livecycle_data_services | 3 | |
adobe | livecycle | * | |
adobe | livecycle | 6.0 | |
adobe | livecycle | 7.0 | |
adobe | livecycle | 8.0.1 | |
adobe | livecycle | 8.0.1.1 | |
adobe | livecycle | 8.0.1.2 | |
adobe | livecycle | 8.2.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*", "matchCriteriaId": "007166D5-D7B0-486C-B4B6-C239906EF8D3", "versionEndIncluding": "4.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FA36866-F153-47DE-871E-D92DBD8A1C2B", "versionEndIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "289238E6-C234-4191-911C-C6F0E51A3E1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "262ED6C7-3C78-4863-9056-A9D55C7DB6CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8606C261-650F-43AF-BE2D-52DACFB94BBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEFE9CD7-0DB5-4038-AFB5-1B756186605C", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*", "matchCriteriaId": "37973B36-6229-498A-936E-D621E2ED90C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E1BE8C5-F3EA-4F74-8ABE-BB5A7127DED3", "versionEndIncluding": "9.0.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "123AE8CC-080C-4684-9818-CCEC5ACC1E60", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D59B6009-B1B1-4FE1-8330-777473CF9EEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3890CE6C-D8D0-4406-ACE1-9849CFCA72F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "55624316-BCFD-4555-92F0-EF5271B86081", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "89AE5D48-8552-4DB5-97A3-4D401559AB81", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2C91FA2-9DBB-4B06-8DBF-D7951A947087", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a \"complex object graph vulnerability.\"" }, { "lang": "es", "value": "Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no maneja adecuadamente los objetos gr\u00e1ficos, lo que permite a atacantes provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados, en relaci\u00f3n con una \"vulnerabilidad de objetos gr\u00e1ficos complejos\"" } ], "id": "CVE-2011-2093", "lastModified": "2024-11-21T01:27:34.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-16T23:55:01.557", "references": [ { "source": "psirt@adobe.com", "url": "http://osvdb.org/73009" }, { "source": "psirt@adobe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "source": "psirt@adobe.com", "url": "http://www.securityfocus.com/bid/48267" }, { "source": "psirt@adobe.com", "url": "http://www.securitytracker.com/id?1025656" }, { "source": "psirt@adobe.com", "url": "http://www.securitytracker.com/id?1025657" }, { "source": "psirt@adobe.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/73009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-25 01:59
Modified
2024-11-21 02:29
Severity
Summary
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
hp | business_service_management | * | |
adobe | livecycle_data_services | 3.0 | |
adobe | livecycle_data_services | 4.5 | |
adobe | livecycle_data_services | 4.6 | |
adobe | livecycle_data_services | 4.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:hp:business_service_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "939572F4-FE01-4527-985D-B63CCD990C79", "versionEndIncluding": "9.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE5075B-DB11-47F3-9601-F4956ECF5047", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F27B0FB6-04A5-4D6D-9C31-847B924EF836", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "16AB3FE1-2860-4A1D-AC3F-79CE04DC1242", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1172637-AED4-4476-A44B-F7BEF179E9F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." 
}, { "lang": "es", "value": "Vulnerabilidad en Apache Flex BlazeDS, tal como se usa en flex-messaging-core.jar en Adobe LiveCycle Data Services (LCDS) 3.0.x en versiones anteriores a 3.0.0.354170, 4.5 en versiones anteriores a 4.5.1.354169, 4.6.2 en versiones anteriores a 4.6.2.354169 y 4.7 en versiones anteriores a 4.7.0.354169 y otros productos, permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de mensajes AMF que contienen una declaraci\u00f3n de entidad externa XML en conjunci\u00f3n con una referencia a entidad, relacionada con un problema de entidad externa XML (XXE)." } ], "id": "CVE-2015-3269", "lastModified": "2024-11-21T02:29:02.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-25T01:59:00.087", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76394" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1033337" }, { "source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202" }, { "source": "secalert@redhat.com", "url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html" }, { "source": "secalert@redhat.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-15 18:30
Modified
2025-02-05 13:58
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adobe | blazeds | * | |
adobe | coldfusion | 7.0.2 | |
adobe | coldfusion | 8.0 | |
adobe | coldfusion | 8.0.1 | |
adobe | coldfusion | 9.0 | |
adobe | flex_data_services | 2.0.1 | |
adobe | livecycle | 8.0.1 | |
adobe | livecycle | 8.2.1 | |
adobe | livecycle | 9.0 | |
adobe | livecycle_data_services | 2.5.1 | |
adobe | livecycle_data_services | 2.6.1 | |
adobe | livecycle_data_services | 3.0 |
{ "cisaActionDue": "2022-09-07", "cisaExploitAdd": "2022-03-07", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Adobe BlazeDS Information Disclosure Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEF7C97E-BE99-415D-B12B-D3E7BD9EDF08", "versionEndIncluding": "3.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B015715F-9672-480E-B0AA-968D8C9070D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD6C1877-7412-4FBE-9641-334971F9D153", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "28C8D6AF-EDE1-42BD-A47C-2EF8690299BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "113431FB-E4BE-4416-800C-6B13AD1C0E92", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F65E3F-F3E7-4BE9-A13B-87FFF3B3777E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3890CE6C-D8D0-4406-ACE1-9849CFCA72F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82D29A25-10F2-4FFB-A9BC-B7AAD6D1A18A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6804632-7EA5-45AB-91A3-C05D3426CA9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "262ED6C7-3C78-4863-9056-A9D55C7DB6CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEFE9CD7-0DB5-4038-AFB5-1B756186605C", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"2EE5075B-DB11-47F3-9601-F4956ECF5047", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en BlazeDS v3.2 y anteriores, tal como es utilizado en LiveCycle v8.0.1, v8.2.1 y v9.0, LiveCycle Data Services v2.5.1, v2.6.1 y v3.0, Flex Data Services v2.0.1 y ColdFusion v7.0.2, v8.0, v8.0.1 y v9.0. Permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de vectores de ataque asociados con una petici\u00f3n, y relacionados con una etiqueta inyectada y una referencia a una entidad externa en documentos XML." 
} ], "id": "CVE-2009-3960", "lastModified": "2025-02-05T13:58:19.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2010-02-15T18:30:00.407", "references": [ { "source": "psirt@adobe.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38543" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1023584" }, { "source": "psirt@adobe.com", "tags": [ "Not Applicable", 
"Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/62292" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/38197" }, { "source": "psirt@adobe.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/41855/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1023584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/62292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/38197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/41855/" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2011-2092
Vulnerability from cvelistv5
Published
2011-06-16 23:00
Modified
2024-08-06 22:46
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
References
URL | Tags
---|---
http://www.securitytracker.com/id?1025656 | vdb-entry, x_refsource_SECTRACK
http://www.adobe.com/support/security/bulletins/apsb11-15.html | x_refsource_CONFIRM
http://www.securitytracker.com/id?1025657 | vdb-entry, x_refsource_SECTRACK
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1025656", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025656" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "name": "1025657", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025657" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-07T09:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1025656", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025656" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "name": "1025657", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025657" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-2092", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", 
"version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1025656", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025656" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-15.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "name": "1025657", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025657" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-2092", "datePublished": "2011-06-16T23:00:00", "dateReserved": "2011-05-13T00:00:00", "dateUpdated": "2024-08-06T22:46:00.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2093
Vulnerability from cvelistv5
Published
2011-06-16 23:00
Modified
2024-08-06 22:46
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
References
URL | Tags
---|---
http://www.securityfocus.com/bid/48267 | vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/68026 | vdb-entry, x_refsource_XF
http://www.securitytracker.com/id?1025656 | vdb-entry, x_refsource_SECTRACK
http://www.adobe.com/support/security/bulletins/apsb11-15.html | x_refsource_CONFIRM
http://osvdb.org/73009 | vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id?1025657 | vdb-entry, x_refsource_SECTRACK
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:01.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48267", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48267" }, { "name": "livecycle-graph-object-dos(68026)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026" }, { "name": "1025656", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025656" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "name": "73009", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/73009" }, { "name": "1025657", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025657" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a \"complex object graph vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "48267", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48267" }, { "name": "livecycle-graph-object-dos(68026)", "tags": [ "vdb-entry", "x_refsource_XF" ], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026" }, { "name": "1025656", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025656" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "name": "73009", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/73009" }, { "name": "1025657", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025657" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-2093", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a \"complex object graph vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "48267", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48267" }, { "name": "livecycle-graph-object-dos(68026)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026" }, { "name": "1025656", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025656" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-15.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html" }, { "name": "73009", "refsource": "OSVDB", "url": "http://osvdb.org/73009" }, { "name": 
"1025657", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025657" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-2093", "datePublished": "2011-06-16T23:00:00", "dateReserved": "2011-05-13T00:00:00", "dateUpdated": "2024-08-06T22:46:01.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5255
Vulnerability from cvelistv5
Published
2015-11-18 21:00
Modified
2024-08-06 06:41
Summary
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
References
URL | Tags
---|---
http://marc.info/?l=bugtraq&m=145996963420108&w=2 | vendor-advisory, x_refsource_HP
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html | x_refsource_CONFIRM
http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html | x_refsource_MISC
http://www.securitytracker.com/id/1034210 | vdb-entry, x_refsource_SECTRACK
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670 | x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2015-0008.html | x_refsource_CONFIRM
https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html | x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/536958/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/77626 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:41:08.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBST03568", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "name": "1034210", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034210" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "name": "77626", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77626" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, 
and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBST03568", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "name": "1034210", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034210" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "name": "77626", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77626" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBST03568", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "name": "1034210", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034210" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "name": "77626", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77626" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5255", "datePublished": "2015-11-18T21:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:08.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3960
Vulnerability from cvelistv5
Published
2010-02-15 18:00
Modified
2025-02-04 21:46
Summary
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/38197 | vdb-entry, x_refsource_BID
http://securitytracker.com/id?1023584 | vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/62292 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/38543 | third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/41855/ | exploit, x_refsource_EXPLOIT-DB
http://www.adobe.com/support/security/bulletins/apsb10-05.html | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38197", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38197" }, { "name": "1023584", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023584" }, { "name": "62292", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62292" }, { "name": "38543", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38543" }, { "name": "41855", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41855/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2009-3960", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T21:42:52.303476Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-03-07", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-3960" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], 
"providerMetadata": { "dateUpdated": "2025-02-04T21:46:04.783Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-11T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-15T09:57:01.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "38197", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38197" }, { "name": "1023584", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023584" }, { "name": "62292", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62292" }, { "name": "38543", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38543" }, { "name": "41855", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41855/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { 
"version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38197", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38197" }, { "name": "1023584", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023584" }, { "name": "62292", "refsource": "OSVDB", "url": "http://www.osvdb.org/62292" }, { "name": "38543", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38543" }, { "name": "41855", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41855/" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-05.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2009-3960", "datePublished": "2010-02-15T18:00:00.000Z", "dateReserved": "2009-11-16T00:00:00.000Z", "dateUpdated": "2025-02-04T21:46:04.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3269
Vulnerability from cvelistv5
Published
2015-08-25 01:00
Modified
2024-08-06 05:39
Summary
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
URL | Tags
---|---
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202 | x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=145706712500978&w=2 | vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/76394 | vdb-entry, x_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2015-0008.html | x_refsource_CONFIRM
https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html | x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/536266/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html | x_refsource_CONFIRM
http://www.securitytracker.com/id/1033337 | vdb-entry, x_refsource_SECTRACK
https://www.zerodayinitiative.com/advisories/ZDI-22-508/ | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:39:32.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202" }, { "name": "HPSBGN03550", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2" }, { "name": "76394", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76394" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html" }, { "name": "20150819 CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html" }, { "name": "1033337", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033337" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and 
other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-11T16:06:33", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202" }, { "name": "HPSBGN03550", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2" }, { "name": "76394", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76394" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html" }, { "name": "20150819 CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html" }, { "name": "1033337", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033337" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3269", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] 
} }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202" }, { "name": "HPSBGN03550", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2" }, { "name": "76394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76394" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html" }, { "name": "20150819 CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded" }, { "name": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html" }, { "name": "1033337", "refsource": "SECTRACK", "url": 
"http://www.securitytracker.com/id/1033337" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3269", "datePublished": "2015-08-25T01:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }