Ankur Jain on the Adobe Tech Comm blog warns that a critical vulnerability exists in the current version of RoboHelp Server 8.
This vulnerability could result in an unauthenticated user uploading and executing arbitrary code.
Solution: Adobe recommends all RoboHelp Server 8 users update their RoboHelp installations by applying the update using the instructions below:
1. Stop Tomcat service if its running.
2. Backup the following files:
a. \WEB-INF\classes\adobe\robohelp\server\Publish.class
b. \WEB-INF\classes\adobe\robohelp\server\Publish$1.class
c. \WEB-INF\classes\adobe\robohelp\server\Publish$PublishData.class
d. \WEB-INF\classes\adobe\robohelp\server\Publish$SessionData.class
e. \WEB-INF\classes\adobe\robohelp\server\Publish$SessionManager.class
f. \WEB-INF\classes\adobe\robohelp\server\CircularArray.class
g. \WEB-INF\classes\adobe\robohelp\server\CServerConstants.class
h. \WEB-INF\classes\adobe\robohelp\server\RoboHelpServer.class
i. \WEB-INF\web.xml
3. Extract and copy the files from the update zip to the relevant folder. Select “Yes to All” at the “Confirm Folder Replace” prompt.
4. Start Tomcat service.
For more details please refer to the Security Bulletin.
Adobe categorizes this as a critical issue and recommends affected users update their installations.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_b.png?x-id=b621138a-3cf7-4752-b791-89aa25610795)
Need help with your web writing? Click here for a Free Quote
Comments on this entry are closed.