This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Sybase install is affected by an arbitrary file disclosure
The remote Sybase EAServer install is affected by an arbitrary file
disclosure vulnerability. It is possible to view any file on the system
by utilizing XML external entity injection in specially crafted XML data
sent to the REST service on the remote host.
Note that hosts that are affected by this vulnerability are potentially
affected by other vulnerabilities that Nessus has not tested for.
See also :
Apply the appropriate patch per the vendor's advisory.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.1
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 69171 ()
Bugtraq ID: 6061461358
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.