Directory Traversal Vulnerability in Adobe JRun Application Server
CVE-2009-1873

Currently unrated

Key Information:

Vendor: Adobe
Status: Jrun
Vendor: CVE Published:; 18 August 2009

Summary

A directory traversal vulnerability exists in the logging/logviewer.jsp component of Adobe JRun Application Server 4 Updater 7. This flaw allows remote authenticated users to exploit the logfile parameter, enabling them to read arbitrary files on the server. By utilizing the '..' (dot dot) sequence, attackers can bypass authentication controls and potentially access sensitive information on the server. This vulnerability poses significant risks for enterprise environments relying on Adobe's application server solution.

References

https://www.exploit-db.com/exploits/9443

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/archive/1/505808/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.adobe.com/support/security/bulletins/apsb09-12...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 18, 2009
Vulnerability Reserved
Jun 1, 2009