Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Adobe LiveCycle Data Services Apache Flex BlazeDS 信息泄露漏洞
Vulnerability Description
Adobe LiveCycle Data Services(LCDS)是美国奥多比(Adobe)公司的一套部署在应用服务器上并整合了RIA应用和J2EE等企业应用的服务器软件。Apache Flex BlazeDS是其中的一个基于服务器的Java远程和Web消息推送组件。 Adobe LCDS的flex-messaging-core.jar文件中使用的Apache Flex BlazeDS中存在安全漏洞。远程攻击者可借助带有XML外部实体声明和实体引用的AMF消息利用该漏洞读取任意文件。以下版本受到影响:
CVSS Information
N/A
Vulnerability Type
N/A