Vulnerabilities > CVE-2005-2297 - Local Security vulnerability in EAServer
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | Sybase EAServer 5.2 Remote Stack Buffer Overflow. CVE-2005-2297. Remote exploit for windows platform |
| id | EDB-ID:16766 |
| last seen | 2016-02-02 |
| modified | 2010-06-22 |
| published | 2010-06-22 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16766/ |
| title | Sybase EAServer 5.2 - Remote Stack Buffer Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in the Sybase EAServer Web Console. The offset to the SEH frame appears to change depending on what version of Java is in use by the remote server, making this exploit somewhat unreliable. |
| id | MSF:EXPLOIT/WINDOWS/HTTP/SYBASE_EASERVER |
| last seen | 2020-01-08 |
| modified | 2017-07-24 |
| published | 2007-01-26 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2297 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/sybase_easerver.rb |
| title | Sybase EAServer 5.2 Remote Stack Buffer Overflow |
Saint
| bid | 14287 |
| description | Sybase EAServer WebConsole buffer overflow |
| id | database_sybaseeabo |
| osvdb | 17995 |
| title | sybase_easerver |
| type | remote |