Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: destructive_attack

Adobe Document Server File URI Resource Access Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Tries to write to a file using Adobe Document Server

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server is affected by multiple flaws.

Description :

The remote host is running Adobe Document Server, a server that
dynamically creates and manipulates PDF documents as well as graphic

The version of Adobe Document Server installed on the remote host
allows saving PDF and XML documents as well as most types of image
files using file URIs to arbitrary locations on the affected host and
with arbitrary extensions. An unauthenticated remote attacker may be
able to leverage this flaw to write a graphics image with malicious
Javascript as metadata into the Startup folders to be executed
whenever a user logs in.

Additionally, it lets a possible hacker retrieve arbitrary PDF files, XML
documents, and most types of image files, which may result in the
disclosure of sensitive information.

See also :

Solution :

Harden the application's configuration as described in the
'server/tools/security/readme.txt' file included in the distribution
as well as the vendor advisory above.

Threat Level:

Low / CVSS Base Score : 2.6

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.