Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2297

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-2297
Last Modified 05 Sep 2008 04:51:24
Published 19 Jul 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2297

Summary

Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.

Vulnerable Systems

Application

  • Sybase Easerver 4.2.5

  • Sybase Easerver 5.0

  • Sybase Easerver 5.1

  • Sybase Easerver 5.2


References

CONFIRM - http://www.sybase.com/detail?id=1036742

MISC - http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm

BUGTRAQ - 20050715 Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2

SECTRACK - 1014497

SECUNIA - 16108


Last Updated: 27 May 2016 10:40:28