Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: sybasepd.htm

Sybase PowerDynamo personal web server Directory traversal vulnerability



Vulnerability

    Sybase PowerDynamo

Affected

    Sybase PowerDynamo personal web server

Description

    Domas Mituzas  found that  Sybase PowerDynamo  personal web server
    knows how to handle ../../ queries.  One could see the whole  disk
    via  web  browser.   This  was  found  on  a  rather  new  release
    (3.0.0.652)  of  PD  personal  web  server,  that is included into
    Enterprise  Aplication  studio  and  together  with PowerDynamo in
    other boxes.   This "feature" works  both with static  and dynamic
    file sites (no check on database site).

    Of course, as  it is "personal"  web server, such  features may be
    left.  But as the same bugs were in MS and other servers, it is  a
    thing we should concern - why do software vendors not look at  old
    bugs of other products, so they could avoid theirs?

Solution

    Should be fixed.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH