• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1852064 - Directory traversal in EAServer

Главная Специалистам База уязвимостей Note 1852064 - Directory traversal in EAServer

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:P/I:P/A:PSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1852064-5)
Описание
Directory-Traversal /Read-only directory traversal: EAServer fails to  correctly validate the path that is used to reference a file that is  read from the remote server. As a result, an attacker can potentially  direct the program to an arbitrary other file in the system, disclosing its contents.Directory-Traversal /Read-write or write directory traversal: EAServer  fails to correctly validate the path to which a user-submitted file is  written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Please download EBF from http://download.sybase.com, here is the EBF number and EAServer platform information,21178 - Windows x86 32-bit21179 - Sun Solaris SPARC 32-bit21180 - Linux x86 32-bit21181 - HP-UX Itanium 32-bit21182 - IBM AIX 32-bitPlease download EBF from http://download.sybase.com, here is the EBF number and EAServer 6.2 platform information,21183 - Windows x86 32-bit21184 - Sun Solaris SPARC 32-bit21185 - Linux x86 32-bit21186 - HP-UX Itanium 32-bit21187 - IBM AIX 32-bit.
Ссылки