Sybase EAServer 6.x < 6.3.1 ESD#3 Multiple Code Execution Vulnerabilities

Severity: Critical. Nessus Plugin ID: 67172

Synopsis

The remote application server is affected by multiple code execution vulnerabilities.

Description

The version of Sybase EAServer installed on the remote host is 6.x prior to 6.3.1 ESD#3. It is, therefore, potentially affected by multiple code execution vulnerabilities in the handling of login packets.

Solution

Upgrade to Sybase EAServer 6.3.1 ESD#3 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-245/

https://www.zerodayinitiative.com/advisories/ZDI-11-246/

http://www.sybase.com/detail?id=1094235

Plugin Details

Severity: Critical

ID: 67172

File Name: sybase_easerver_631_esd3.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 7/3/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:sybase:easerver

Required KB Items: www/sybase_easerver

Exploit Ease: No known exploits are available

Patch Publication Date: 7/28/2011

Vulnerability Publication Date: 7/28/2011

Reference Information

BID: 48934