|
Description
|
|
Two vulnerabilities have been identified in Sybase EAServer, which could be exploited by remote attackers to gain knowledge of sensitive information or take complete control of a vulnerable system.
The first issue is caused by a design error which could allow remote attackers to install arbitrary web services and execute malicious code.
The second vulnerability is caused by an input validation error which could allow attackers to read arbitrary files via a directory traversal.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Sybase EAServer versions 6.xSybase EAServer versions 5.xSybase Appeon versions 6.xSybase Replication Server Messaging Edition version 15.2Sybase WorkSpace version 2.0Sybase WorkSpace version 2.1Sybase WorkSpace version 2.1.2Sybase WorkSpace version 2.5
|
|
|
|
|
|
Solution
|
|
Apply patches :
http://www.sybase.com/detail?id=1091057
|
|
|
|
|
|
CVE
|
|
CVE-2011-0497
CVE-2011-0496
|
|
|
|
|
|
References
|
|
http://www.sybase.com/detail?id=1091057
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
