Adobe.JRun.Logviewer.Jsp.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a directory traversal vulnerability in Adobe JRun.
A vulnerability has been reported in Adobe JRun that may allow an attacker to gain knowledge of sensitive information on a vulnerable system. This is possible because the user input filters fail to properly sanitize the logfile parameter value that is passed to "logviewer.jsp". An attacker may read any file on the vulnerable server by sending a crafted http request.

affected-products-logoAffected Products

Adobe JRun version 4.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for suggested workaround:
http://www.adobe.com/support/security/bulletins/apsb09-12.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)