CVE-2009-1873

Adobe JRun Application Server 4 Updater 7 - Authenticated Path Traversal via Logfile Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1873. PoCs published by DSecRG.

AI-analyzed exploit summary The advisory describes a directory traversal vulnerability in Adobe JRun Application Server's logviewer.jsp script, allowing authenticated attackers to read arbitrary files on the server. The issue was patched in August 2009.

Description

Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by DSecRG · textremotewindows
https://www.exploit-db.com/exploits/9443

The advisory describes a directory traversal vulnerability in Adobe JRun Application Server's logviewer.jsp script, allowing authenticated attackers to read arbitrary files on the server. The issue was patched in August 2009.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Adobe JRun Application Server 4 updater 7
Auth required
Prerequisites: Access to JRun Management Console · Valid authentication credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/9443
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505808/100/0/threaded
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-12.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/57186

Scores

EPSS 0.0470
EPSS Percentile 90.6%

Details

CWE
CWE-22
Status published
Products (1)
adobe/jrun 4.0 (2 CPE variants)
Published Aug 18, 2009
Tracked Since Feb 18, 2026