Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Adobe JRUN Directory Traversal

Related Vulnerabilities: CVE-2009-1873  
Publish Date: 17 Aug 2009
Author: Sh2kerr, dsecrg.com
Source 
                
Digital Security Research Group [DSecRG] Advisory  #DSECRG-09-051


Application:                Adobe JRun Application Server
Versions Affected:          4 updater 7
Vendor URL:                 http://www.adobe.com/products/jrun/
Bug:                        Directory Traversal File Read
Exploits:                   YES
Reported:                   20.01.2009
Vendor response:            21.01.2009
Solution:                   YES   
Date of Public Advisory:    17.08.2009
CVE-number:                 CVE-2009-1873
Author:                     Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)



Description
***********

JRun Management Console Directory Traversal vulnerability.


Details
*******


Directory Traversal vulnerability found in script logviewer.jsp

Using Management Console authenticated attacker can read any file on server.

Also attacker can exploit this issue using XSS (http://www.dsecrg.com/pages/vul/show.php?id=152)


Example:

http://[server]/server/[profile]/logging/logviewer.jsp?logfile=../../../../../../../boot.ini




Fix Information
***************
The issue has been solved 17 august 2009.  http://www.adobe.com/go/apsb09-12


References:
***********

http://www.adobe.com/go/apsb09-12
http://www.dsecrg.com/pages/vul/show.php?id=151


About
*****


Digital Security one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:  research [at] dsecrg [dot] com
    http://www.dsecrg.com 
  
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started