Short Name |
HTTP:OVERFLOW:SYBASE-WEBCONSOLE |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Sybase EAServer WebConsole Buffer Overflow |
Release Date |
2005/08/16 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects an attempt to exploit a known vulnerability in the Sybase EAServer WebConsole. Sybase EAServer versions 5.2 and earlier are vulnerable. By supplying a maliciously crafted URL request, the client can potentially execute arbitrary commands on the server with daemon permissions.
Sybase EAServer is affected by a remote buffer-overflow vulnerability. The vulnerability exists in the server's WebConsole. A successful attack can overflow a finite-sized buffer and ultimately lead to arbitrary code execution in the context of the 'jagsrv.exe' process. This may allow the attacker to gain elevated privileges. Note that an attacker needs to provide authentication credentials before carrying out this attack.