Technical Communication

Summary: A critical vulnerability exists in the current version of RoboHelp Server 8. This vulnerability could result in an unauthenticated user uploading and executing arbitrary code.

Solution: Adobe recommends all RoboHelp Server 8 users update their RoboHelp installations by applying the update using the instructions below:

1. Stop Tomcat service if its running.
2. Backup the following files:
a. \WEB-INF\classes\adobe\robohelp\server\Publish.class
b. \WEB-INF\classes\adobe\robohelp\server\Publish$1.class
c. \WEB-INF\classes\adobe\robohelp\server\Publish$PublishData.class
d. \WEB-INF\classes\adobe\robohelp\server\Publish$SessionData.class
e. \WEB-INF\classes\adobe\robohelp\server\Publish$SessionManager.class
f. \WEB-INF\classes\adobe\robohelp\server\CircularArray.class
g. \WEB-INF\classes\adobe\robohelp\server\CServerConstants.class
h. \WEB-INF\classes\adobe\robohelp\server\RoboHelpServer.class
i. \WEB-INF\web.xml
3. Extract and copy the files from the update zip to the relevant folder. Select "Yes to All" at the "Confirm Folder Replace" prompt.
4. Start Tomcat service.

For more details please refer to the Security Bulletin.