CVE-2009-3960 Scanner
Detects the 'XML External Entity (XXE)' vulnerability in Adobe BlazeDS, LiveCycle, LiveCycle Data Services, Flex Data Services and ColdFusion. Affected versions: BlazeDS 3.2 and earlier, LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Adobe Inc. offers various software products that are widely used across industries. Among them are Adobe BlazeDS, LiveCycle, LiveCycle Data Services, Flex Data Services and ColdFusion. BlazeDS, LiveCycle, and Data Services are server-based software that facilitate the creation and deployment of rich internet applications accessed through web browsers. One of their main benefits is the efficient exchange of data between the server and the client. ColdFusion, on the other hand, is a commercial rapid web application development platform that allows web developers to create dynamic and interactive web applications.
CVE-2009-3960 affects Adobe BlazeDS 3.2 and earlier versions, which are used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0. The vulnerability allows attackers to obtain confidential information by injecting malicious content into XML that the server processes. Specifically, it is associated with external entity references in XML documents.
If the vulnerability is exploited, it can lead to several consequences. Attackers can potentially gain unauthorized access to sensitive data such as usernames, passwords, and other confidential information. They can also modify or delete the data stored on the server and cause denial of service. For organizations that use these software products for mission-critical applications, this can result in significant financial loss, reputational damage, and legal liabilities.
Thanks to the pro features of the s4e.io platform, readers of this article can easily and quickly learn about potential vulnerabilities in their digital assets. By using the platform's comprehensive vulnerability scanning and management tools, they can identify and remediate potential security risks before they are exploited by attackers. This proactive approach can help organizations stay ahead of the rapidly evolving threat landscape and maintain the confidentiality, integrity, and availability of their digital assets.