Check Point Advisories

Preemptive Protection against Adobe JRun 4.0 Directory Traversal File Read Vulnerability (APSB09-12)

Check Point Reference: CPAI-2009-163
Date Published: 18 Aug 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Adobe vulnerability identifier: APSB09-12
Industry Reference: CVE-2009-1873
Protection Provided by:
Who is Vulnerable? Adobe Systems JRun 4.0
Vulnerability Description: A directory traversal vulnerability was reported in Adobe Systems JRun. JRun is an application server based on Java 2 Platform, Enterprise Edition (J2EE). It works with popular Web servers including Apache and IIS. This vulnerability allows an attacker to access normally inaccessible files and directories through a specially crafted HTTP request. Instead of having access only to the publicly available files, the attacker can gain access to all files on that server using this vulnerability.
Update/Patch Available: Apply Hotfix:
Adobe vulnerability identifier: APSB09-12
Vulnerability Details: The vulnerability is due to an input validation error in JRun when processing client HTTP requests. A remote attacker may trigger this issue by specially crafting an HTTP request and sending it to an affected server. Successful exploitation of this vulnerability may allow the attacker to disclose or access arbitrary files on the target system.
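
The following is an added example, not code from Adobe, Check Point or this advisory: a generic check that resolves each requested path the way a file-serving component would and flags requests that land outside the web root, run over access-log lines. The web root path, the log format and the sample lines are assumptions constructed for illustration; the advisory does not publish the request pattern specific to JRun.

```python
import posixpath
import re
from urllib.parse import unquote

WEB_ROOT = "/opt/app/wwwroot"  # assumed document root (not from the advisory)

def resolve(target, max_rounds=5):
    """Map a raw request target to the normalized path it would reach."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Decode until stable so nested percent-encoding is judged in final form.
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if unquote(path) != path or "\x00" in path:
        raise ValueError("undecodable or NUL-containing path")
    path = path.replace("\\", "/")  # treat Windows separators like '/'
    return posixpath.normpath(posixpath.join(WEB_ROOT, path.lstrip("/")))

def is_contained(target):
    """True only if the resolved path stays at or below WEB_ROOT."""
    try:
        full = resolve(target)
    except ValueError:
        return False
    return full == WEB_ROOT or full.startswith(WEB_ROOT + "/")

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def flag_escapes(log_lines):
    """Return request targets in access-log lines that leave WEB_ROOT."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and not is_contained(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Aug/2009:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '192.0.2.10 - - [18/Aug/2009:10:00:02 +0000] "GET /docs/../images/logo.gif HTTP/1.1" 200 90',
    '192.0.2.77 - - [18/Aug/2009:10:00:03 +0000] "GET /docs/../../../etc/passwd HTTP/1.1" 200 1400',
    '192.0.2.77 - - [18/Aug/2009:10:00:04 +0000] "GET /%252e%252e/%252e%252e/conf/app.xml HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for target in flag_escapes(SAMPLE_LOG):
        print("escapes web root:", target)
```

The second sample line contains ".." yet resolves inside the web root, which is why the decision is made on the resolved path rather than on a substring match.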

Protection Overview
