Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
References
Link | Resource |
---|---|
http://www.adobe.com/support/security/bulletins/apsb11-15.html | Patch Vendor Advisory |
http://www.securitytracker.com/id?1025656 | |
http://www.securitytracker.com/id?1025657 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: adobe
Published: 2011-06-16T23:00:00
Updated: 2011-09-07T09:00:00
Reserved: 2011-05-13T00:00:00
Link: CVE-2011-2092
JSON object: View
NVD Information
Status : Modified
Published: 2011-06-16T23:55:01.527
Modified: 2011-09-07T03:16:56.270
Link: CVE-2011-2092
JSON object: View
Redhat Information
No data.
CWE