Check Point Advisories

Adobe JRun 4 Server File Disclosure (CVE-2004-0928)

Check Point Reference: CPAI-2004-182
Date Published: 17 Nov 2009
Severity: High
Last Updated: Sunday 19 April, 2015
Source:
Industry Reference: CVE-2004-0928
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

Adobe JRun is an application server used to deploy J2EE (Java 2 Enterprise Edition) applications, JSPs (Java Server Pages), and other Java applications. It can be used as a stand-alone web server or can be accessed through other web servers, including IIS and Apache. With IIS, JRun can be registered to be invoked for certain resources (e.g., .jsp files) as an ISAPI filter or an Application Mapping.

A vulnerability exists in the way the Adobe JRun 4.x server processes URLs. A specially crafted request for a file can bypass access restrictions on JRun. This can result in the source of the requested script file being served rather than the intended script output. This vulnerability may be leveraged to reveal sensitive information such as account names, passwords, paths to internal resources, and so on.

The vulnerable target returns the requested file in its source format. If the file is a script (PHP, ASP, and so on), the original source code is revealed. If the script contains sensitive information such as user credentials or paths to internal resources, that information becomes available to the attacker, who may be able to use it to launch other attacks against the target.
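Added example (not part of the Check Point advisory): a response-side check for the symptom described above, where script source is served instead of script output. The function names, marker patterns and sample responses are constructed for illustration; the check inspects response bodies only and assumes nothing about the request that triggers the flaw.

```python
import re

# Server-side delimiters that rendered output should never contain.
# Patterns are illustrative assumptions, not taken from the advisory.
SOURCE_MARKERS = {
    "jsp-directive": re.compile(r"<%@\s*(page|include|taglib)\b", re.I),
    "jsp/asp-scriptlet": re.compile(r"<%[=!]?(?!@).*?%>", re.S),
    "php-open-tag": re.compile(r"<\?(php\b|=)", re.I),
}


def source_markers(body):
    """Return the names of raw script delimiters found in a response body."""
    return sorted(name for name, rx in SOURCE_MARKERS.items() if rx.search(body))


def audit(responses):
    """Map path -> markers for successful responses that carry script source."""
    findings = {}
    for path, status, body in responses:
        if status != 200:
            continue  # error pages are not served script content
        found = source_markers(body)
        if found:
            findings[path] = found
    return findings


# Constructed sample responses (path, status, body); no real hosts or data.
SAMPLE_RESPONSES = [
    ("/app/login.jsp", 200, "<html><body>Welcome back</body></html>"),
    ("/app/db.jsp", 200,
     '<%@ page import="java.sql.*" %>\n'
     '<% String dbPass = "CONSTRUCTED-VALUE"; %>\n<html></html>'),
    # HTML-escaped delimiters in documentation must not be flagged.
    ("/docs/howto.html", 200, "<pre>&lt;% out.print(x); %&gt;</pre>"),
    # An XML declaration is not a PHP open tag.
    ("/feed.xml", 200, '<?xml version="1.0"?><rss></rss>'),
    ("/old/conf.php", 200, '<?php $db_pass = "CONSTRUCTED-VALUE"; ?>'),
    ("/missing.jsp", 404, "<% not served %>"),
]

if __name__ == "__main__":
    for path, markers in audit(SAMPLE_RESPONSES).items():
        print(f"{path}: script source in response ({', '.join(markers)})")
```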

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab, and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, find the Adobe JRun 4 Server File Disclosure protection using the Search tool, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Adobe Products Violation.
Attack Information:  Adobe JRun 4 server file disclosure
