CVE-2005-2297

Published: Jul 19, 2005Modified: Apr 16, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.

Affected (4)

Products: Sybase: Easerver

Sybase

1 product

Easerver

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sybase Easerver	Version 4.2.5
Sybase Easerver	Version 5.0
Sybase Easerver	Version 5.1
Sybase Easerver	Version 5.2

References (10)

http://marc.info/?l=bugtraq&m=112146180532313&w=2

Source: cve@mitre.org

http://secunia.com/advisories/16108

Source: cve@mitre.org

http://securitytracker.com/id?1014497

Source: cve@mitre.org

http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm

Source: cve@mitre.org

PatchVendor Advisory

http://www.sybase.com/detail?id=1036742

Source: cve@mitre.org

PatchVendor Advisory

http://marc.info/?l=bugtraq&m=112146180532313&w=2