CVE-2009-3068

Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.

Una vulnerabilidad de carga de archivos sin restricciones en el Servlet RoboHelpServer (robohelp/server) en RoboHelp Server de Adobe versión 8, permite a los atacantes remotos ejecutar código arbitrario mediante la carga de un archivo Java Archive (.jsp) durante una acción PUBLISH, y luego, acceder a él por medio de una petición directa al archivo en el directorio robohelp/robo/reserved/web bajo su subdirectorio sessionid, como es demostrado por el módulo vd_adobe en VulnDisco Pack Professional versiones 8.7 hasta 8.11.

This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the management web server listening by default on port 8080. The Java Servlet handling POST requests to the server does not properly sanitize user input. A specially crafted request can bypass authentication allowing an attacker to upload and execute arbitrary files. Successful exploitation can result in complete system compromise under SYSTEM credentials.

*Credits: Stephen Fewer of Harmony Security (www.harmonysecurity.com)

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-09-03 First Exploit
2009-09-04 CVE Reserved
2009-09-04 CVE Published
2024-08-07 CVE Updated
2024-10-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (14)

URL	Tag	Source
http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html	X_refsource_misc
http://intevydis.com/vd-list.shtml	X_refsource_misc
http://twitter.com/elegerov/statuses/3727947465	X_refsource_misc
http://twitter.com/elegerov/statuses/3737538715	X_refsource_misc
http://twitter.com/elegerov/statuses/3737725344	X_refsource_misc
http://www.intevydis.com/blog/?p=26	X_refsource_misc
http://www.intevydis.com/blog/?p=69	X_refsource_misc
http://www.securityfocus.com/archive/1/506687/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/36245	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-09-066	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/33209	2009-09-03
https://www.exploit-db.com/exploits/16789	2010-11-24

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/36467	2018-10-10
http://www.adobe.com/support/security/bulletins/apsb09-14.html	2018-10-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"		Robohelp Server Search vendor "Adobe" for product "Robohelp Server"				8 Search vendor "Adobe" for product "Robohelp Server" and version "8"		-		Affected