1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe BlazeDS Information Disclosure Vulnerability

Known Exploited Vulnerabilities CVE-2009-3960 Mappings

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2009-3960 Adobe BlazeDS Information Disclosure Vulnerability primary_impact T1486 Data Encrypted for Impact
Comments
This vulnerability is exploited through an XML injection or XML external entity injection. In-the-wild reporting indicates adversaries have used this exploit to establish a web shell on a victim machine. This adversary took actions to cover their tracks, establish persistence, exfiltrate Registry data, escalated privileges, moved laterally, disabled security software, installed and ran ransomware.
References
  1. https://news.sophos.com/en-us/2021/09/21/cring-ransomware-group-exploits-ancient-coldfusion-server/
CVE-2009-3960 Adobe BlazeDS Information Disclosure Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability is exploited through an XML injection or XML external entity injection. In-the-wild reporting indicates adversaries have used this exploit to establish a web shell on a victim machine. This adversary took actions to cover their tracks, establish persistence, exfiltrate Registry data, escalated privileges, moved laterally, disabled security software, installed and ran ransomware.
References
  1. https://news.sophos.com/en-us/2021/09/21/cring-ransomware-group-exploits-ancient-coldfusion-server/