First published: Mon Feb 15 2010(Updated: )
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Flex BlazeDS | ||
Adobe LiveCycle | =9.0 | |
Adobe ColdFusion | =7.0.2 | |
Adobe ColdFusion | =8.0 | |
Adobe ColdFusion | =9.0 | |
Apache Flex BlazeDS | <=3.2 | |
Adobe LiveCycle Data Services | =3.0 | |
Adobe LiveCycle | =8.2.1 | |
Adobe Flex Data Services | =2.0.1 | |
Adobe LiveCycle Data Services | =2.6.1 | |
Adobe LiveCycle | =8.0.1 | |
Adobe ColdFusion | =8.0.1 | |
Adobe LiveCycle Data Services | =2.5.1 | |
Adobe LiveCycle | =8.0.1 | |
Adobe LiveCycle | =8.2.1 | |
Adobe LiveCycle | =9.0 | |
Adobe LiveCycle Data Services | =2.5.1 | |
Adobe LiveCycle Data Services | =2.6.1 | |
Adobe LiveCycle Data Services | =3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2009-3960 has been classified as a moderate severity vulnerability due to its potential for information disclosure.
CVE-2009-3960 affects multiple Adobe products including BlazeDS, ColdFusion, and LiveCycle, particularly earlier versions up to 9.0.
To fix CVE-2009-3960, users should update to the latest patched versions of the affected Adobe products as indicated by Adobe's security updates.
CVE-2009-3960 represents an information disclosure vulnerability that could expose sensitive data under certain circumstances.
While CVE-2009-3960 primarily affects outdated versions, organizations using legacy software should still consider it a potential risk and ensure updates are applied.