[ERPSCAN-15-010] Sybase SQL Anywhere 11 and 16 – DoS

Application: Sybase SQL Anywhere 11 and 16
Vendor URL: http://www.sybase.com
Bugs: DoS
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 15.03.2015
Reference: SAP Security Note 2108161
Authors: Vahagn Vardanyan (ERPScan)

VULNERABILITY INFORMATION
Class: DoS [CWE-122]
Impact: DoS
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2819

Business Risk
It is possible to use denial of service to terminate the process of the vulnerable component. As a result, nobody can use this service, which has a negative influence on business processes. System downtime also harms business reputation.

Description
An anonymous attacker can use a special request to crash the Sybase SQL Anywhere process on the server.

VULNERABLE PACKAGES
SYBASE SQL Anywhere 12 and 16
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2108161.

TECHNICAL DESCRIPTION
An anonymous attacker can use a special request to crash the Sybase SQL Anywhere process on the server.

Defense

To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: