Adobe Connect Enterprise Server Information Disclosure Vulnerability

Bugtraq ID:	25640
Class:	Access Validation Error
CVE:	CVE-2007-4651
Remote:	Yes
Local:	No
Published:	Sep 11 2007 12:00AM
Updated:	Sep 11 2007 09:31PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Adobe Connect Enterprise Server 6 SP2 Adobe Connect Enterprise Server 6 SP1 Adobe Connect Enterprise Server 6
Not Vulnerable:	Adobe Connect Enterprise Server 6 SP3

Adobe Connect Enterprise Server Information Disclosure Vulnerability

Adobe Connect Enterprise Server is prone to an information-disclosure vulnerability because it fails to perform adequate access validation on certain web pages.

Attackers can exploit this issue to access potentially sensitive information that could aid in further attacks.

Versions of Adobe Connect Enterprise Server 6 prior to Service Pack 3 are vulnerable.

Adobe Connect Enterprise Server Information Disclosure Vulnerability

An attacker can exploit this issue with a client application that can view pages hosted on the affected server.

Adobe Connect Enterprise Server Information Disclosure Vulnerability

Solution:
The vendor released an advisory and update to address this issue. Please see the references for more information.


Adobe Connect Enterprise Server 6

• Adobe patch_to_602_r389a2.zip
  http://download.macromedia.com/pub/connect/updaters/patch_to_602_r389a 2.zip

Adobe Connect Enterprise Server Information Disclosure Vulnerability

References:

• Connect Homepage (Adobe)
  
• APSB07-14 Patch available for Adobe Connect Enterprise Server information disclo (Adobe)