Internet Communication Manager Denial Of Service Attack

Credit: NGSSoftware
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

======= Summary ======= Name: Internet Communication Manager Denial Of Service Attack Release Date: 5 July 2007 Reference: NGS00484 Discover: Mark Litchfield <mark (at) ngssoftware (dot) com [email concealed]> Vendor: SAP Vendor Reference: SECRES-287 Systems Affected: Confirmed on Windows (unconfirmed on *NIX) Risk: High Status: Fixed ======== TimeLine ======== Discovered: 3 January 2007 Released: 19 January 2007 Approved: 29 January 2007 Reported: 11 January 2007 Fixed: 2 May 2007 Published: =========== Description =========== Internet Communication Manager ensures communication between the SAP Web Application Server with the WWW using the HTTP, HTTPS and SMTP protocols. ICM is part of the SAP Web Application Server and is implemented as an independent process (ICMAN.exe) and is started and monitored by the dispatcher. The Internet Communication Manager also offers the ICM Server Cache as part of its functionality, using the ICM server cache increases performance considerably. The ICM server cache (also known as the Internet Server Cache saves HTTP(S) objects before they are sent back to the requesting client. The next time an object is requested, the application gets the contents directly from the cache before sending it to the client. However, it is possible to configure the Web dispatcher to act as a web cache. For more information visit - 68d2e74/content.htm. A method by which to determine if the Internet Communication Manager is acting as the web cache, we can make the following request: http://target/foo.gif?sap-isc-key=ngs An error will be returned: 500 Internal Server Error ___________________________________________________________ Error: -15 Version: 7010 Component: HTTP_CACHE Date/Time: xxxxxxxxxxxxxxxx Module: http_cache.c Line: 2640 Server: Target_JP1_01 Error Tag: {-} Detail: Object not found (key='ngs') ================= Technical Details ================= By passing a URI of 264 bytes the ICMAN.exe process terminates. This includes the length of the requested file, the file extension, the ?, the paramter 'sap-isc-key=' and the value. This is an very effective Denial of Service attack within a SAP environment. =============== Fix Information =============== Please ensure you have the latest version NGSSoftware Insight Security Research +44(0)208 401 0070

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top