CVE-2005-2297

Sybase EAServer 4.2.5-5.2 - Authenticated Stack-Based Buffer Overflow via TreeAction.do Javascript Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2297. PoCs published by Metasploit, Unknown, including Metasploit module exploits/windows/http/sybase_easerver.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Sybase EAServer 5.2 Web Console via a maliciously crafted GET request to Login.jsp. It leverages SEH overwrites with varying offsets depending on the Java version in use.

Description

Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16766

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in Sybase EAServer 5.2 Web Console via a maliciously crafted GET request to Login.jsp. It leverages SEH overwrites with varying offsets depending on the Java version in use.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Sybase EAServer 5.2

No auth needed

Prerequisites: Network access to the Sybase EAServer Web Console on port 8080 · Target must be running a vulnerable version of Sybase EAServer 5.2 with a compatible Java version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Unknown · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sybase_easerver.rb