Summary
Sybase EAServer is prone to multiple security vulnerabilities.
Impact
Successful exploits will allow attackers to download and upload arbitrary files on the affected computer, obtain potentially sensitive information, and execute arbitrary commands with the privileges of the user running the affected application.
Impact Level: System/Application
Solution
Updates are available.
Insight
1. A directory-traversal vulnerability
2. An XML External Entity injection
3. A command execution vulnerability
Affected
Sybase EAServer 6.3.1 and prior are vulnerable.
Detection
Send a crafted HTTP XML POST request and check the response.