Vulnerabilities > Sybase > Easerver > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-15 | CVE-2012-4340 | Cross-Site Scripting vulnerability in Sybase Easerver Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2002-12-31 | CVE-2002-1861 | Unspecified vulnerability in Sybase Easerver 4.0 Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | 5.0 |