CVE-2011-2474

EXPLOITED

Sybase Easerver - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.

Exploits (1)

metasploit WORKING POC

by Sow Ching Shiong, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/sybase_easerver_traversal.rb

View Code ZIP pw:eip

References (1)

[Third Party Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=912

Scores

EPSS 0.1212

EPSS Percentile 93.8%

Details

VulnCheck KEV 2022-01-12

CWE

CWE-22

Status published

Products (1)

sybase/easerver 6.3.1

Published Jun 09, 2011

Tracked Since Feb 18, 2026