Alpha Video Training
Results 1 to 2 of 2

Thread: Application Server Vulnerability Notice *UPDATED*

  1. #1
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,678

    Default Application Server Vulnerability Notice *UPDATED*

    Application Server Vulnerability Notice

    During routine server testing performed by a customer, a security vulnerability was discovered in the Application Server. This flaw will potentially allow an attacker to obtain sensitive information and is considered to be a high severity issue. This issue was discovered in routine testing and has not been exploited to Alpha Software's knowledge.

    Alpha Software recommends that all customers take immediate action as detailed below.


    SYSTEMS AFFECTED:
    • This issue affects the Alpha Anywhere Classic Application Server, the Alpha Five version 11 Application Server, and the Alpha Five version 10 Application Server.
    • The Alpha Anywhere Application Server for IIS is not affected by this vulnerability.
    • Alpha Five version 9 and prior have not been tested.


    REMEDIATION:
    Alpha Anywhere Application Server for IIS
    The Alpha Anywhere Application Server for IIS is not subject to this vulnerability. No action is required.

    Alpha Anywhere Classic Application Server
    A fix for this security vulnerability is available now for build 4770, the most recent official release of Alpha Anywhere Application Server.
    Click here to download now.

    Additionally, prereleases beginning with build 4940 include this fix.
    Prereleases are available from http://aadocuments.s3.amazonaws.com/...easeNotes.Html.

    Alpha Five Version 11 Application Server
    A fix for this security vulnerability in version 11 is available now for Alpha Five version 11 build 3381. Click here to download now. The downloaded ZIP file contains a single DLL that should be placed into your Application Server installation folder, overwriting the existing DLL file. No changes to your published applications will be required.

    Any server operators with a version 11 release prior to build 3381 should update to that release immediately, then apply the above update.

    Alpha Five Version 10 and prior
    Support for Alpha Five version 10 ended in October 2011, as a result, a fix for this vulnerability will not be released. Any operators with Version 10 or prior servers still in use should upgrade those systems to Alpha Anywhere or Alpha Five version 11 immediately, and then apply the correct update listed above. Otherwise, continue using these unsupported versions at your risk.

    Acknowledgments
    This vulnerability was discovered while testing was performed on a server hosted at ZebraHost. The discovery was reported by Nate Battles at ZebraHost, who then worked closely with Alpha Software to duplicate the issue and verify the fix. Thank you to Nate Battles and Clive Swanepoel of ZebraHost.
    Last edited by Lenny Forziati; 03-09-2018 at 10:24 AM. Reason: Updated downloads

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  2. #2
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,678

    Default Re: Application Server Vulnerability Notice

    An update to Alpha Anywhere Application Server build 4770 is now available. The announcement above has been updated with the download information.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

Similar Threads

  1. Application Server Vulnerability Notice *UPDATED*
    By Lenny Forziati in forum Application Server Version 10 - Web/Browser Applications
    Replies: 0
    Last Post: 03-07-2018, 04:51 PM
  2. Application Server Vulnerability Notice *UPDATED*
    By Lenny Forziati in forum Mobile & Browser Applications
    Replies: 0
    Last Post: 03-07-2018, 04:51 PM
  3. Application Server Vulnerability Notice *UPDATED*
    By Lenny Forziati in forum Application Server Version 11 - Web/Browser Applications
    Replies: 0
    Last Post: 03-07-2018, 04:51 PM
  4. Updated Web Application Framework from AlphaToGo
    By Steve Wood in forum Announcements
    Replies: 0
    Last Post: 02-23-2017, 02:52 PM
  5. NOTICE: Removal of the V9 Compatability Server
    By Lenny Forziati in forum Application Server Version 10 - Web/Browser Applications
    Replies: 7
    Last Post: 03-11-2010, 10:45 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •