Update Protection against Adobe BlazeDS XML Processing Information Disclosure Vulnerability (APSB10-05)
| Check Point Reference: | CPAI-2010-036 | |
| Date Published: | ||
| Severity: | ||
| Source: | Adobe Security Bulletin - APSB10-05 | |
| Industry Reference(s): | CVE-2009-3960 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? BlazeDS 3.2 and earlier versions LiveCycle 9.0, 8.2.1, and 8.0.1 LiveCycle Data Services 3.0, 2.6.1, and 2.5.1 Flex Data Services 2.0.1 ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 | ||
| Vulnerability Description An information disclosure vulnerability has been identified in Adobe BlazeDS. Adobe BlazeDS is the server-based Java remoting and web messaging technology that enables developers to connect to back-end distributed data and push data in real-time to Adobe Flex and Adobe AIR applications. A remote attacker could exploit this vulnerability to gain access to sensitive information. |
||
|
Update/Patch Available Update patches Adobe Security Bulletin - APSB10-05 |
|
|
Vulnerability Details The vulnerability is due to an error in Adobe BlazeDS when processing incoming requests, XML external entity references and injected tags. A remote attacker could trigger this issue via a specially crafted XML document. Successful exploitation of this vulnerability can result in disclosure of information. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.