Detections
Analytics
Adobe RoboHelp Server Security Bypass (APSA09-05 / intrusive check)
critical Nessus Plugin ID 41947
Language:
Synopsis
A web application running on the remote host has a security bypass vulnerability that can lead to arbitrary command execution.Description
The version of RoboHelp Server running on the remote host has a security bypass vulnerability. Arbitrary files can be uploaded to the web server by using a specially crafted POST request. Uploading a JSP file can result in command execution as SYSTEM.Solution
Apply the patch referenced in Adobe's advisory.See Also
http://www.nessus.org/u?f4448043
https://www.zerodayinitiative.com/advisories/ZDI-09-066/
https://seclists.org/fulldisclosure/2009/Sep/359
https://www.adobe.com/support/security/advisories/apsa09-05.html
https://www.adobe.com/support/security/bulletins/apsb09-14.html
Plugin Details
Severity: Critical
ID: 41947
File Name: robohelpserver_apsb09_14.nasl
Version: 1.16
Type: remote
Family: CGI abuses
Published: 9/30/2009
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:adobe:robohelp_server
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Exploited by Nessus: true
Patch Publication Date: 9/18/2009
Vulnerability Publication Date: 9/9/2009
Exploitable With
CANVAS (D2ExploitPack)
Core Impact
Metasploit (Adobe RoboHelp Server 8 Arbitrary File Upload and Execute)
Elliot (Adobe Robohelp Server 8 Upload)
Reference Information
CVE: CVE-2009-3068
BID: 36245