CVE-2009-3068

Name of the Vulnerable Software and Affected Versions: Adobe RoboHelp Server version 8

Description: The issue allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the "robohelp/robo/reserved/web" directory under its sessionid subdirectory.

Recommendations: For Adobe RoboHelp Server version 8, consider restricting access to the robohelp/server Servlet to minimize the risk of exploitation. As a temporary workaround, avoid using the PUBLISH action until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.