[DSECRG-09-051] Adobe JRun 4 Multiple XSS
- From: research@xxxxxxxxxx
- Date: Mon, 17 Aug 2009 18:46:45 +0400
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-051
Application: Adobe JRun Application Server
Versions Affected: 4 updater 7
Vendor URL: http://www.adobe.com/products/jrun/
Bug: Directory Traversal File Read
Vendor response: 21.01.2009
Date of Public Advisory: 17.08.2009
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
JRun Management Console Directory Traversal vulnerability.
Directory Traversal vulnerability found in script logviewer.jsp
Using Management Console authenticated attacker can read any file on server.
Also attacker can exploit this issue using XSS (http://www.dsecrg.com/pages/vul/show.php?id=152)
The issue has been solved 17 august 2009. http://www.adobe.com/go/apsb09-12
Digital Security one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
- Prev by Date: [DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities
- Next by Date: [SECURITY] [DSA 1865-1] New Linux 2.6.18 packages fix several vulnerabilities
- Previous by thread: [DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities
- Next by thread: [SECURITY] [DSA 1865-1] New Linux 2.6.18 packages fix several vulnerabilities