Sybase EAServer 6.3.1 < 6.3.1.07 Build 63107 / 6.2 < 6.2.0.12 Build 62012 Multiple Vulnerabilities

critical Nessus Plugin ID 67007

Synopsis

The remote application server is affected by multiple vulnerabilities.

Description

The version of Sybase EAServer installed on the remote host is either a 6.3.1 release earlier than 6.3.1.07 Build 63107 or a 6.2 release earlier than 6.2.0.12 Build 62012. As such, it is potentially affected by multiple vulnerabilities:

- An unspecified error can be exploited to access otherwise inaccessible, deployed applications.

- An unspecified error can be exploited to disclose the contents of arbitrary directories and files.

- An unspecified error within the WSH service can be exploited to disclose certain credentials from unspecified configuration files and execute arbitrary OS commands.

Note that the second and third issues only affect version 6.3.1 of EAServer.

Solution

Upgrade to Sybase EAServer 6.2.0.12 Build 62012 / 6.3.1.07 Build 63107 or later.

See Also

http://www.sybase.com/detail?id=1099353

http://forums.cnet.com/7726-6132_102-5468915.html

Plugin Details

Severity: Critical

ID: 67007

File Name: sybase_easerver_631_sp1_pl07.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 6/27/2013

Updated: 6/3/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:sybase:easerver

Required KB Items: www/sybase_easerver

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/17/2013

Vulnerability Publication Date: 6/17/2013

Reference Information

BID: 60614, 61358

IAVA: 2013-A-0123-S