Adobe JRun 4.0 Multiple Vulnerabilities (APSB09-12)
Medium Nessus Plugin ID 70176
SynopsisThe remote host has software installed that is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of Adobe JRun installed that contains a version of jmc-app.ear that is affected by multiple vulnerabilities :
- A directory traversal vulnerability exists in 'logviewer.jsp' in the Management Console that could allow an authenticated, remote attacker to read arbitrary files via the 'logfile' parameter.
- Multiple cross-site scripting vulnerabilities exist in the Management Console that could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. (CVE-2009-1874)
SolutionInstall the version of jmc-app.ear linked in the advisory.