CVE-2009-3960

MEDIUM KEV RANSOMWARE

BlazeDS <3.2 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Roberto Suggi Liverani · textdosmultiple

https://www.exploit-db.com/exploits/11529

View Code ZIP pw:eip

exploitdb WORKING POC

by Tess Sluyter · bashwebappsxml

https://www.exploit-db.com/exploits/41855

View Code ZIP pw:eip

metasploit WORKING POC

by CG · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/adobe_xml_inject.rb

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38197

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023584

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/62292

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38543

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41855/

Not Applicable, Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb10-05.html

Scores

CVSS v3 6.5

EPSS 0.9043

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact partial

Details

CISA KEV 2022-03-07

VulnCheck KEV 2021-09-21

InTheWild.io 2022-03-07

ENISA EUVD EUVD-2009-3931

Ransomware Use Confirmed

Status published

Products (12)

adobe/blazeds < 3.2

adobe/coldfusion 7.0.2

adobe/coldfusion 8.0

adobe/coldfusion 8.0.1

adobe/coldfusion 9.0

adobe/flex_data_services 2.0.1

adobe/livecycle 8.0.1

adobe/livecycle 8.2.1

adobe/livecycle 9.0

adobe/livecycle_data_services 2.5.1

... and 2 more

Published Feb 15, 2010

KEV Added Mar 07, 2022

Tracked Since Feb 18, 2026