Check Point Advisories

Adobe RoboHelp Server Arbitrary File Upload and Execute (CVE-2009-3068)

Check Point Reference: CPAI-2009-384
Date Published: 22 Mar 2010
Severity: Critical
Last Updated: Sunday 07 December, 2014
Source:
Industry Reference: CVE-2009-3068
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

Adobe RoboHelp Server is a server-based Help solution that provides real-time end-user feedback on help and knowledge bases. It gathers and logs data about what questions users ask while searching content and how users navigate through topics. The product consists of an administrative web interface for managing help projects as well as user feedback.

A remote code execution vulnerability exists in Adobe RoboHelp. The vulnerability is due to insufficient validation of POST requests sent to the management web server. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the server. This crafted request can bypass authentication, allowing the attacker to upload and execute arbitrary files. Successful exploitation of this vulnerability may lead to execution of arbitrary code in the context of System.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

Note that in order for this defense to protect your Adobe RoboHelp Server, you will need to configure port 8080 (which is also the HTTP proxy port) to work with the HTTP protocol. You need to do the following:

  1. In the Services tree, click on TCP > HTTP_and_HTTPS_proxy. The TCP Service Properties window opens.
  2. Click on Advanced. Select the Protocol Type: HTTP.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, find the Adobe RoboHelp Server Arbitrary File Upload and Execute protection using the Search tool, and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Adobe Products Violation.
Attack Information:  Adobe RoboHelp Server arbitrary file upload and execute
