Update Protection against Adobe JRun 4 Management Console Cross-Site Scripting Vulnerability (APSB09-12)
| Check Point Reference: | CPAI-2009-192 | |
| Date Published: | ||
| Severity: | ||
| Source: | Adobe vulnerability identifier: APSB09-12 | |
| Industry Reference(s): | CVE-2009-1874 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Adobe Systems JRun 4.0 | ||
| Vulnerability Description A Cross Site Scripting (XSS) vulnerability has been discovered in Adobe JRun Management Console. JRun is an application server based on Java 2 Platform, Enterprise Edition (J2EE). It works with popular Web servers including Apache and IIS. A remote attacker could exploit this issue to execute a cross-site scripting attack that could potentially lead to code execution. |
||
|
Update/Patch Available Apply Hotfix: Adobe vulnerability identifier: APSB09-12 |
|
|
Vulnerability Details The vulnerability is due to an error in the Adobe JRun Management Console that fails to sufficiently validate input when processing client HTTP requests. A remote attacker could trigger this issue via a specially crafted HTTP request. Successful exploitation of this issue will allow the attacker to inject arbitrary web script or HTML to the vulnerable server. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
Note: If your ColdFusion server is configured to listen on a port other than 80, make sure to define this port as an HTTP service.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.