Intrusion Prevention

Adobe.JRun.Logviewer.Jsp.Directory.Traversal

Description

This indicates an attack attempt against a directory traversal vulnerability in Adobe JRun.
A vulnerability has been reported in Adobe JRun that may allow an attacker to gain knowledge of sensitive information on a vulnerable system. This is possible because the user input filters fail to properly sanitize the logfile parameter value that is passed to "logviewer.jsp". An attacker may read any file on the vulnerable server by sending a crafted http request.

Affected Products

Adobe JRun version 4.0

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workaround:
http://www.adobe.com/support/security/bulletins/apsb09-12.html

CVE References

CVE-2009-1874 CVE-2009-1873