CVE-2011-0497 Information

Description

Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD2 as used in Appeon Replication Server Messaging Edition (RSME) and WorkSpace allows remote attackers to read arbitrary files via ../\\ (dot dot forward-slash backslash) sequences in a crafted request.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=889 http://osvdb.org/70427 http://secunia.com/advisories/42904 http://www.securityfocus.com/bid/45809 http://www.sybase.com/detail?id=1091057 http://www.vupen.com/english/advisories/2011/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/64695