CVE-2011-2092

Currently unrated

Key Information:

Vendor: Adobe
Status: Blazeds
Vendor: CVE Published:; 16 June 2011

Summary

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

References

http://www.securitytracker.com/id?1025656

vdb-entryx_refsource_SECTRACK

http://www.adobe.com/support/security/bulletins/apsb11-15...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1025657

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 16, 2011
Vulnerability Reserved
May 13, 2011