5

CVE-2011-2093

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeBlazeds Version <= 4.0.1
AdobeLivecycle Data Services Version <= 3.1
AdobeLivecycle Data Services Version2.5.1
AdobeLivecycle Data Services Version2.6.1
AdobeLivecycle Version <= 9.0.0.2
AdobeLivecycle Version6.0
AdobeLivecycle Version7.0
AdobeLivecycle Version8.0.1
AdobeLivecycle Version8.0.1.1
AdobeLivecycle Version8.0.1.2
AdobeLivecycle Version8.2.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.77% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.adobe.com/support/security/bulletins/apsb11-15.html
Patch
Vendor Advisory
http://www.securitytracker.com/id?1025656
http://www.securitytracker.com/id?1025657
http://osvdb.org/73009
http://www.securityfocus.com/bid/48267
https://exchange.xforce.ibmcloud.com/vulnerabilities/68026