Sybase ASA Ping Network Vulnerability

Summary

The remote database server is affected by an information disclosure vulnerability. Description : The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on.

Solution

Switch off broadcast listening via the '-sb' switch when starting Sybase.

References

http://www.sybase.com/products/databasemanagement/sqlanywhere

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Oracle MySQL Multiple Unspecified vulnerabilities - 01 Jan14 (Windows)
IBM DB2 XSLT Library Denial of Service Vulnerability
Oracle MySQL Server Component 'Optimizer' Unspecified vulnerability Oct-2013 (Windows)
PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
MongoDB engine_v8 Denial of Service Vulnerability

Take action and discover your vulnerabilities