Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Assurent VR - Adobe RoboHelp Server SQL Injection Vulnerability
From: VR-Subscription-noreply () assurent com
Date: Tue, 8 Jul 2008 15:21:45 -0400 (EDT)

Adobe RoboHelp Server SQL Injection Vulnerability
Assurent ID: FSC20080708-10

1. Affected Software

   Adobe RoboHelp Server, version 6
   Adobe RoboHelp Server, version 7

   Reference: http://www.adobe.com/products/robohelpserver/


2. Vulnerability Summary

   There exists an SQL injection vulnerability in Adobe RoboHelp Server that allows attackers to inject and execute 
arbitrary SQL 
   statements. The SQL would run against the RoboHelp back-end database within the security context of the 
application's database 
   connection.


3. Vulnerability Analysis

   The vulnerability can be exploited two ways:

   1) A remote authenticated attacker may trigger this vulnerability by sending a crafted HTTP request to the target 
server. 

   2) A remote unauthenticated attacker can entice an authenticated user to execute an attack using cross-site 
scripting techniques.

   Assurent has confirmed that execution of arbitrary SQL statements is possible. The SQL in such a case would execute 
within the 
   security context of the application's database connection.


4. Vulnerability Detection

   Assurent has confirmed the vulnerability in Adobe RoboHelp Server versions 6 and 7.


5. Workaround

   Apply the vendor patch or block communication from untrusted networks to ports 80/TCP and 443/TCP on affected assets.


6. Vendor Response

   Adobe Systems has released a bulletin addressing this vulnerability. 

   Reference: http://www.adobe.com/support/security/bulletins/apsb08-16.html


7. Disclosure Timeline

   05/09/2008 Reported to vendor
   05/09/2008 Initial vendor response
   07/08/2008 Coordinated public disclosure


8. Credits

   Vulnerability Research Team, Assurent Secure Technologies, a TELUS company


9. References

   CVE: CVE-2008-2991
   Vendor: APSB08-16


10. About Assurent VRS

   Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) 
for 
   MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, 
MSPs, 
   and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats 
   including worm & virus outbreaks and high-risk spyware. The VRS and TPP services are real-time feeds providing 
subscribers 
   with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.

   http://www.assurent.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Assurent VR - Adobe RoboHelp Server SQL Injection Vulnerability VR-Subscription-noreply (Jul 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]