Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSh2kerrPACKETSTORM:80424
HistoryAug 17, 2009 - 12:00 a.m.

Adobe JRUN Directory Traversal

2009-08-1700:00:00
Sh2kerr
packetstormsecurity.com
37

0.098 Low

EPSS

Percentile

94.8%

JSON
`  
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-051  
  
  
Application: Adobe JRun Application Server  
Versions Affected: 4 updater 7  
Vendor URL: http://www.adobe.com/products/jrun/  
Bug: Directory Traversal File Read  
Exploits: YES  
Reported: 20.01.2009  
Vendor response: 21.01.2009  
Solution: YES   
Date of Public Advisory: 17.08.2009  
CVE-number: CVE-2009-1873  
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)  
  
  
  
Description  
***********  
  
JRun Management Console Directory Traversal vulnerability.  
  
  
Details  
*******  
  
  
Directory Traversal vulnerability found in script logviewer.jsp  
  
Using Management Console authenticated attacker can read any file on server.  
  
Also attacker can exploit this issue using XSS (http://www.dsecrg.com/pages/vul/show.php?id=152)  
  
  
Example:  
  
http://[server]/server/[profile]/logging/logviewer.jsp?logfile=../../../../../../../boot.ini  
  
  
  
  
Fix Information  
***************  
The issue has been solved 17 august 2009. http://www.adobe.com/go/apsb09-12  
  
  
References:  
***********  
  
http://www.adobe.com/go/apsb09-12  
http://www.dsecrg.com/pages/vul/show.php?id=151  
  
  
About  
*****  
  
  
Digital Security one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.  
  
  
Contact: research [at] dsecrg [dot] com  
http://www.dsecrg.com   
  
`

Related

prion 1
seebug 1
securityvulns 2
cvelist 1
cve 1
exploitpack 1
nvd 1
checkpoint_advisories 1
exploitdb 1
nessus 1
openvas 2
prion
prion
Directory traversal
2009-08-18 22:30:00
seebug
seebug
Adobe JRun 4 (logfile) Directory Traversal Vulnerability (auth)
2009-08-19 00:00:00
securityvulns
securityvulns
Adobe JRun multiple security vulnerabilities
2009-08-17 00:00:00
[DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities
2009-08-17 00:00:00
cvelist
cvelist
CVE-2009-1873
2009-08-18 22:00:00
cve
cve
CVE-2009-1873
2009-08-18 22:30:00
exploitpack
exploitpack
Adobe JRun 4 - logfile (Authenticated) Directory Traversal
2009-08-18 00:00:00
nvd
nvd
CVE-2009-1873
2009-08-18 22:30:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Adobe JRun 4.0 Directory Traversal File Read Vulnerability (APSB09-12)
2009-08-18 00:00:00
exploitdb
exploitdb
Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal
2009-08-18 00:00:00
nessus
nessus
Adobe JRun 4.0 Multiple Vulnerabilities (APSB09-12)
2013-09-27 00:00:00
openvas
openvas
Adobe JRun 4.0 Management Console Multiple Vulnerabilities (APSB09-12)
2009-08-26 00:00:00
Adobe JRun Management Console Multiple Vulnerabilities
2009-08-26 00:00:00

0.098 Low

EPSS

Percentile

94.8%

JSON
Related for PACKETSTORM:80424
prion1seebug1securityvulns2cvelist1cve1exploitpack1nvd1checkpoint_advisories1exploitdb1nessus1openvas2