Sybase EAServer Directory Traversal Vulnerability Network Vulnerability

Summary

Sybase EAServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.

Solution

The vendor has released fixes. Please see the references for more information.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=912
http://www.securityfocus.com/bid/47987
http://www.sybase.com/detail?id=1093216
http://www.sybase.com/products/modelingdevelopment/easerver

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2474

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
An Image Gallery Directory Traversal Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities