QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3068

Published: Sep 4, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html

x_refsource_MISC

vdb-entry

x_refsource_BID

http://www.intevydis.com/blog/?p=69

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://www.zerodayinitiative.com/advisories/ZDI-09-066

x_refsource_MISC

http://www.adobe.com/support/security/bulletins/apsb09-14.html

x_refsource_CONFIRM

http://www.intevydis.com/blog/?p=26

x_refsource_MISC

http://twitter.com/elegerov/statuses/3737725344

x_refsource_MISC

http://twitter.com/elegerov/statuses/3727947465

x_refsource_MISC

http://intevydis.com/vd-list.shtml

x_refsource_MISC

20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://twitter.com/elegerov/statuses/3737538715

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.