Vulnerability Details : CVE-2009-3068
Public exploit exists!
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Vulnerability category: Execute code
Products affected by CVE-2009-3068
- cpe:2.3:a:adobe:robohelp_server:8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3068
- EPSS score: 97.13% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2009-3068
- Adobe RoboHelp Server 8 Arbitrary File Upload and Execute
  Disclosure Date: 2009-09-23
  First seen: 2020-04-26
  Module: exploit/windows/http/adobe_robohelper_authbypass
  This module exploits an authentication bypass vulnerability which allows remote attackers to upload and execute arbitrary code.
  Authors: MC <mc@metasploit.com>
CVSS scores for CVE-2009-3068
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | 
CWE ids for CVE-2009-3068
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3068
- http://twitter.com/elegerov/statuses/3737538715
- http://www.adobe.com/support/security/bulletins/apsb09-14.html (Vendor Advisory)
- http://twitter.com/elegerov/statuses/3737725344
- http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html
- http://www.zerodayinitiative.com/advisories/ZDI-09-066 (ZDI-09-066 | Zero Day Initiative)
- http://www.securityfocus.com/archive/1/506687/100/0/threaded
- http://www.intevydis.com/blog/?p=69
- http://intevydis.com/vd-list.shtml
- http://www.securityfocus.com/bid/36245
- http://www.intevydis.com/blog/?p=26
- http://twitter.com/elegerov/statuses/3727947465