Vulnerability CVE-2014-0995


Published: 2014-11-06

Description:
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
SAP Netweaver Enqueue Server Trace Pattern Denial Of Service
CORE
17.10.2014

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
SAP -> Netweaver 

 References:
http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/
http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2014/Oct/76
http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability
http://www.securityfocus.com/archive/1/533719/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/97610
https://twitter.com/SAP_Gsupport/status/522750365780160513

Copyright 2024, cxsecurity.com

 

Back to Top