Adobe BlazeDS XML And XML External Entity Injection Vulnerabilities Network Vulnerability

Summary

Adobe BlazeDS is prone to an XML-injection vulnerability and an XML External Entity injection vulnerability.

Impact

Attackers can exploit these issues to obtain sensitive information and carry out other attacks.

Solution

Updates are available, please refer to the linked advisory.

Affected

The following applications are affected: BlazeDS 3.2 and earlier versions LiveCycle 9.0, 8.2.1, and 8.0.1 LiveCycle Data Services 3.0, 2.6.1, and 2.5.1 Flex Data Services 2.0.1 ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2

Detection

Send an modificated GET request and check the response

References

http://www.adobe.com/support/security/bulletins/apsb10-05.html
http://www.securityfocus.com/bid/38197

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3960
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
123 Flash Chat Multiple Security Vulnerabilities
Admidio get_file.php Remote File Disclosure Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Take action and discover your vulnerabilities