Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:P/I:P/A:PSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1852064-5)
Описание
Directory-Traversal /Read-only directory traversal: EAServer fails to correctly validate the path that is used to reference a file that is read from the remote server. As a result, an attacker can potentially direct the program to an arbitrary other file in the system, disclosing its contents.Directory-Traversal /Read-write or write directory traversal: EAServer fails to correctly validate the path to which a user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Please download EBF from http://download.sybase.com, here is the EBF number and EAServer platform information,21178 - Windows x86 32-bit21179 - Sun Solaris SPARC 32-bit21180 - Linux x86 32-bit21181 - HP-UX Itanium 32-bit21182 - IBM AIX 32-bitPlease download EBF from http://download.sybase.com, here is the EBF number and EAServer 6.2 platform information,21183 - Windows x86 32-bit21184 - Sun Solaris SPARC 32-bit21185 - Linux x86 32-bit21186 - HP-UX Itanium 32-bit21187 - IBM AIX 32-bit.
Ссылки