Detections
Analytics
Adobe RoboHelp Server Security Bypass (APSA09-05)
critical Nessus Plugin ID 41946
Language:
Synopsis
A web application running on the remote host has a security bypass vulnerability that can lead to arbitrary command execution.Description
The version of RoboHelp Server running on the remote host has a security bypass vulnerability. Arbitrary files can be uploaded to the web server by using a specially crafted POST request. Uploading a JSP file can result in command execution as SYSTEM.Since safe checks are enabled, Nessus detected this vulnerability solely by issuing an incomplete POST request and checking the resulting HTTP status code.
Solution
Apply the patch referenced in Adobe's advisory.See Also
http://www.nessus.org/u?f4448043
https://www.zerodayinitiative.com/advisories/ZDI-09-066/
https://seclists.org/fulldisclosure/2009/Sep/359
https://www.adobe.com/support/security/advisories/apsa09-05.html
https://www.adobe.com/support/security/bulletins/apsb09-14.html
Plugin Details
Severity: Critical
ID: 41946
File Name: robohelpserver_apsb09_14_safe.nasl
Version: 1.18
Type: remote
Family: CGI abuses
Published: 9/30/2009
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:adobe:robohelp_server
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Patch Publication Date: 9/18/2009
Vulnerability Publication Date: 9/9/2009
Exploitable With
CANVAS (D2ExploitPack)
Core Impact
Metasploit (Adobe RoboHelp Server 8 Arbitrary File Upload and Execute)
Elliot (Adobe Robohelp Server 8 Upload)
Reference Information
CVE: CVE-2009-3068
BID: 36245