Path Traversal in Sybase Appeon_for_powerbuilder
CVE-2011-0497
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash bac…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.022 (80.3th percentile) — read the EPSS interpretation.
Affected products
- Sybase Appeon_for_powerbuilder — versions 2.5, 2.6, 2.7
- Sybase Easerver — versions 5.0, 5.0.1, 5.1
- Sybase Replication_server — versions 15.2
- Sybase Sybase_workspace — versions 1.0, 1.5, 1.6
- N/a — versions n/a
Weakness classification (CWE)
References
- easerver-unspec-file-include(64695) (vdb-entry, x_refsource_XF)
- 42904 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 45809 (vdb-entry, x_refsource_BID)
- 70427 (x_refsource_OSVDB, vdb-entry)
- 20110110 Sybase EAServer Remote Directory Traversal Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
- ADV-2011-0125 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)