Check Point Reference: | CPAI-2009-163 |
Date Published: | 18 Aug 2009 |
Severity: | High |
Last Updated: | Thursday 01 January, 2009 |
Source: | Adobe vulnerability identifier: APSB09-12 |
Industry Reference: | CVE-2009-1873 |
Protection Provided by: | |
Who is Vulnerable? | Adobe Systems JRun 4.0 |
Vulnerability Description | A directory traversal vulnerability was reported in Adobe Systems JRun. JRun is an application server based on Java 2 Platform, Enterprise Edition (J2EE). It works with popular Web servers including Apache and IIS. This vulnerability allows an attacker to access normally inaccessible files and directories through a specially crafted HTTP request. Instead of having access only to the publicly available files, the attacker can have access to all files on that server using this vulnerability. |
Update/Patch Available | Apply Hotfix: Adobe vulnerability identifier: APSB09-12 |
Vulnerability Details | The vulnerability is due to an input validation error in JRun when processing client HTTP requests. A remote attacker may trigger this issue by specially crafting an HTTP request and sending it to an affected server. Successful exploitation of this vulnerability may allow the attacker to disclose or access arbitrary files on the target system. |