Sybase plugs holes in Application Server
A security update to EAServer from the SAP company Sybase closes two vulnerabilities that could be remotely exploited. According to the manufacturer's report, attackers could exploit a directory traversal vulnerability to read arbitrary files on the server. Sybase states that it would also be possible to install unauthorised web services on EAServer, making it possible to gain control of the server.
Updates are available to correct the problem on the affected versions of EAServer: 5.x and 6.x, on all supported platforms. Registered Sybase users can apply the updates through Sybase EBFs after logging in to the EBF Download Area of the Sybase web site, or by downloading full versions from the Sybase Product Download Center.
Other products, such as Sybase Appeon 6.x, Sybase Replication Server 15.x and Sybase WorkSpace 2.x, are also affected as these include EAServer.