Adobe.XML.Entity.Injection
Description
This indicates an attempt to exploit an XML External Entity Injection vulnerability in Adobe BlazeDS.
The vulnerability results from the application's failure to properly sanitize user input before using it in XML. It allows a remote attacker to execute arbitrary code by sending a crafted web page.
Affected Products
BlazeDS 3.2 and earlier versions
LiveCycle 9.0, 8.2.1, and 8.0.1
LiveCycle Data Services 3.0, 2.6.1, and 2.5.1
Flex Data Services 2.0.1
ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the latest update from the vendor.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |