COMMAND

    Sybase PowerDynamo

SYSTEMS AFFECTED

    Sybase PowerDynamo personal web server

PROBLEM

    Domas Mituzas found that the Sybase PowerDynamo personal web server
    knows how to handle ../../ queries: it follows them out of the
    document root, so one could see the whole disk via a web browser.
    This was found on a rather new release (3.0.0.652) of the PD
    personal web server, which is included in Enterprise Application
    Studio and comes together with PowerDynamo in other boxes. This
    "feature" works with both static and dynamic file sites (not
    checked on database sites).

    Of course, as it is a "personal" web server, such features may be
    left in. But as the same bugs were in MS and other servers, this
    should concern us: why do software vendors not look at old bugs in
    other products, so that they could avoid them in their own?

SOLUTION

    Should be fixed.
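
    The check a file-serving handler needs in order to refuse ../../
    requests, as an added example (not Sybase code and not part of the
    original advisory). The function names, document root and request
    paths are hypothetical and constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(docroot, url_path):
    """Vulnerable pattern: join the request path onto the root unchecked."""
    return os.path.normpath(os.path.join(docroot, url_path.lstrip("/")))


def safe_resolve(docroot, url_path):
    """Return the real path to serve, or None if it falls outside docroot."""
    root = os.path.realpath(docroot)
    decoded = unquote(url_path)  # decode once, before any path handling
    if "\x00" in decoded:
        return None
    # Treat "\" as a separator too, so "..\..\" is caught on every platform.
    relative = decoded.replace("\\", "/").lstrip("/")
    # realpath collapses ".." segments and follows symlinks.
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        # Compare whole path components, not a string prefix.
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. a different drive letter on Windows
        inside = False
    return candidate if inside else None


def demo():
    """Check constructed request paths against a throwaway document root."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.realpath(os.path.join(base, "site"))
        os.mkdir(docroot)
        requests = [
            "/index.html",
            "/../../secret.txt",
            "/%2e%2e/%2e%2e/secret.txt",
            "/..\\..\\secret.txt",
            "/../site-private/notes.txt",  # sibling sharing the root's prefix
        ]
        allowed = {r: safe_resolve(docroot, r) is not None for r in requests}
        naive = naive_resolve(docroot, "/../../secret.txt")
        naive_escaped = os.path.commonpath([docroot, naive]) != docroot
        return allowed, naive_escaped


if __name__ == "__main__":
    print(demo())
```

    Only /index.html resolves; the sibling-directory case shows why the
    containment test compares path components instead of using a string
    prefix match.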