Security update available for BlazeDS

AJ Mercer

Feb 18, 2010, 11:13:18 PM
to ra...@googlegroups.com
Is this relevant to Railo as well?


Security update available for BlazeDS

Release date: February 11, 2010

Last updated: February 18, 2010

Vulnerability identifier: APSB10-05

CVE number: CVE-2009-3960

Platform: All

Summary

An important vulnerability (CVE-2009-3960) has been identified in BlazeDS 3.2 and earlier versions. When processing incoming requests, XML external entity references and injected tags can result in disclosure of information. This issue affects LiveCycle 9.0, 8.2.1 and 8.0.1, and ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2, which are installed with different versions of Data Services products. Adobe has provided a solution for the reported vulnerability for each affected Adobe product. It is recommended that users update their installations of each affected Adobe product to the latest version using the instructions provided below.



http://www.adobe.com/support/security/bulletins/apsb10-05.html

--

AJ Mercer
http://webonix.net
http://twitter.com/webonix

Andrea Campolonghi

Feb 19, 2010, 2:52:39 AM
to ra...@googlegroups.com
AJ,

The Railo Team is considering this.
In case BlazeDS needs to be updated, you will find news here.

Andrea

2010/2/19 AJ Mercer <ajme...@gmail.com>



--
Andrea Campolonghi
and...@getrailo.org