Vulnerabilities > CVE-2005-2297 - Unspecified vulnerability in Sybase Easerver

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
sybase
exploit available
metasploit
NVD
Published: 2005-07-19
Updated: 2024-11-20

Summary

Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.

Vulnerable Configurations

Part Description Count
Application
Sybase
4

Exploit-Db

descriptionSybase EAServer 5.2 Remote Stack Buffer Overflow. CVE-2005-2297. Remote exploit for windows platform
idEDB-ID:16766
last seen2016-02-02
modified2010-06-22
published2010-06-22
reportermetasploit
sourcehttps://www.exploit-db.com/download/16766/
titleSybase EAServer 5.2 - Remote Stack Buffer Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in the Sybase EAServer Web Console. The offset to the SEH frame appears to change depending on what version of Java is in use by the remote server, making this exploit somewhat unreliable.
idMSF:EXPLOIT/WINDOWS/HTTP/SYBASE_EASERVER
last seen2020-01-08
modified2017-07-24
published2007-01-26
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2297
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/sybase_easerver.rb
titleSybase EAServer 5.2 Remote Stack Buffer Overflow

Saint

bid14287
descriptionSybase EAServer WebConsole buffer overflow
iddatabase_sybaseeabo
osvdb17995
titlesybase_easerver
typeremote

References