Adobe web server wide open
One of Adobe web server's CGI scripts contains a critical directory traversal vulnerability which allows access to arbitrary system files. Opening a specially crafted URL in a browser is all that is required to display file contents. Apart from config files it is also possible to view log files, SSL keys and password files. Which key pair the retrievable private SSL key belongs to remains to be established; so far it does not seem to correspond to any of the known Adobe SSL certificates.
It is unclear whether this vulnerability affects Adobe's web shop and allows the retrieval of customer data. However, URLs are already being circulated in forums and chats, and it should only be a matter of time until someone accesses this type of information. Adobe has already been informed about the problem via email. We must wait and see how quickly the software company will respond.