HTTP: SAP SQL Anywhere Data Provider Column Alias Remote Stack Buffer Overflow
This signature detects attempts to exploit a known vulnerability against SAP. A successful exploit can result in a buffer overflow and arbitrary code execution.
Extended Description
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
Affected Products
Sap sql_anywhere
References
CVE: CVE-2014-9264
Short Name
HTTP:STC:SAP-SQL-ALIAS-BOF
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Alias Anywhere Buffer CVE-2014-9264 Column Data Overflow Provider Remote SAP SQL Stack
Release Date
02/06/2015
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
srx-12.3
Sigpack Version
3832
False Positive
Rarely
Vendors
Sap
CVSS Score
7.5