Digital Security Research Group - [DSECRG-09-052] Adobe JRun 4

JRun Management Console Directory Traversal vulnerability.

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-052

Application: Adobe JRun Application Server
Versions Affected: 4 updater 7
Vendor URL: http://www.adobe.com/products/jrun/
Bug: Directory Traversal File Read
Exploits: YES
Reported: 20.01.2009
Vendor response: 21.01.2009
Solution: YES
Date of Public Advisory: 17.08.2009
CVE-number: CVE-2009-1873
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)

Details
*******

Directory Traversal vulnerability was found in script logviewer.jsp

Using Management Console an authenticated attacker can read any file on the server.

Also an attacker can exploit this issue using XSS (http://www.dsecrg.com/pages/vul/show.php?id=152)

Example:

http://[server]/server/[profile]/logging/logviewer.jsp?logfile=../../../../../../../boot.ini

Fix Information
***************
The issue has been solved August 17, 2009. http://www.adobe.com/go/apsb09-12

References:
***********

http://www.adobe.com/go/apsb09-12
http://www.dsecrg.com/pages/vul/show.php?id=152

About
*****
Digital Security one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com