CVE-2009-3960 Information

Description

Unspecified vulnerability in BlazeDS 3.2 and earlier as used in LiveCycle 8.0.1 8.2.1 and 9.0 LiveCycle Data Services 2.5.1 2.6.1 and 3.0 Flex Data Services 2.0.1 and ColdFusion 7.0.2 8.0 8.0.1 and 9.0 allows remote attackers to obtain sensitive information via vectors that are associated with a request and related to injected tags and external entity references in XML documents.

Reference

http://secunia.com/advisories/38543 http://securitytracker.com/id?1023584 http://www.adobe.com/support/security/bulletins/apsb10-05.html http://www.osvdb.org/62292 http://www.securityfocus.com/bid/38197 https://www.exploit-db.com/exploits/41855/