Vulnerability Name: CVE-2011-2093 (CCN-68026)
Assigned: 2011-06-14
Published: 2011-06-14
Updated: 2017-08-29
Summary: Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."

CVSS v3 Severity:
  7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): High

CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Partial
  7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
  5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Complete
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service

References:
  Source: MITRE; Type: CNA
    CVE-2011-2093
  Source: CCN; Type: HP Security Bulletin HPSBMU02769 SSRT100846
    HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities
  Source: OSVDB; Type: UNKNOWN
    73009
  Source: CCN; Type: SA43013
    Adobe ColdFusion Multiple Vulnerabilities
  Source: CCN; Type: SA44922
    Adobe LiveCycle / BlazeDS Two Vulnerabilities
  Source: CCN; Type: Adobe Product Security Bulletin APSB11-14
    Security update: Hotfix available for ColdFusion
  Source: CCN; Type: Adobe Product Security Bulletin APSB11-15
    Security update available for LiveCycle Data Services, LiveCycle ES, and BlazeDS
  Source: CONFIRM; Type: Patch, Vendor Advisory
    http://www.adobe.com/support/security/bulletins/apsb11-15.html
  Source: CCN; Type: OSVDB ID: 73009
    Adobe LiveCycle / BlazeDS Complex Object Graph Handling DoS
  Source: BID; Type: UNKNOWN
    48267
  Source: CCN; Type: BID-48267
    Adobe LiveCycle Data Services and BlazeDS Remote Denial of Service Vulnerability
  Source: SECTRACK; Type: UNKNOWN
    1025656
  Source: SECTRACK; Type: UNKNOWN
    1025657
  Source: XF; Type: UNKNOWN
    livecycle-graph-object-dos(68026)

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:adobe:blazeds:*:*:*:*:*:*:*:* (Version <= 4.0.1)
  Configuration 2:
    cpe:/a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:3:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:*:*:*:*:*:*:*:* (Version <= 3.1)
  Configuration 3:
    cpe:/a:adobe:livecycle:6.0:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:7.0:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:8.0.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:*:*:*:*:*:*:*:* (Version <= 9.0.0.2)
  Configuration CCN 1:
    cpe:/a:hp:systems_insight_manager:4.2:sp1:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:4.2:sp2:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:5.0:sp1:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:5.0:sp2:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:5.0:sp3:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:5.0:sp5:*:*:*:*:*:* OR
    cpe:/a:adobe:coldfusion:8.0:*:*:*:*:*:*:* OR
    cpe:/a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:4.0:*:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:5.0:*:*:*:*:*:*:* OR
    cpe:/a:adobe:coldfusion:9.0:*:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:5.3:*:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:5.3:update_1:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:6.0:*:*:*:*:*:*:* OR
    cpe:/a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:6.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle:9.0.0.2:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:3.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:* OR
    cpe:/a:adobe:blazeds:4.0.1:*:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:6.2:*:*:*:*:*:*:* OR
    cpe:/a:hp:systems_insight_manager:6.3:*:*:*:*:*:*:*

adobe blazeds *
adobe livecycle data services 2.5
adobe livecycle data services 2.5.1
adobe livecycle data services 2.6
adobe livecycle data services 2.6.1
adobe livecycle data services 3
adobe livecycle data services *
adobe livecycle 6.0
adobe livecycle 7.0
adobe livecycle 8.0.1
adobe livecycle 8.0.1.1
adobe livecycle 8.0.1.2
adobe livecycle 8.2.1.3
adobe livecycle *
hp systems insight manager 4.2 sp1
hp systems insight manager 4.2 sp2
hp systems insight manager 5.0 sp1
hp systems insight manager 5.0 sp2
hp systems insight manager 5.0 sp3
hp systems insight manager 5.0 sp5
adobe coldfusion 8.0
adobe coldfusion 8.0.1
hp systems insight manager 4.0
hp systems insight manager 5.0
adobe coldfusion 9.0
hp systems insight manager 5.3
hp systems insight manager 5.3 update_1
hp systems insight manager 6.0
adobe coldfusion 9.0.1
hp systems insight manager 6.1
adobe livecycle 8.2.1.3
adobe livecycle 9.0.0.2
adobe livecycle data services 3.1
adobe livecycle data services 2.6.1
adobe livecycle data services 2.5.1
adobe blazeds 4.0.1
hp systems insight manager 6.2
hp systems insight manager 6.3