PT-2009-4337 · Adobe · Jrun Application Server
Published
2009-08-18
·
Updated
2018-10-10
·
CVE-2009-1873
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Adobe JRun Application Server 4 Updater 7
Description:
A directory traversal issue exists in the logging/logviewer.jsp file of the Management Console, allowing remote authenticated users to read arbitrary files. This is achieved by including a .. (dot dot) in the
logfile parameter.Recommendations:
For Adobe JRun Application Server 4 Updater 7, restrict access to the logging/logviewer.jsp file to minimize the risk of exploitation. Avoid using the
logfile parameter with untrusted input until the issue is resolved.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jrun Application Server