Executive Summary
Summary | |
---|---|
Title | SAP Message Server heap buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#305657 | First vendor Publication | 2007-07-09 |
Vendor | VU-CERT | Last vendor Modification | 2007-07-16 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#305657SAP Message Server heap buffer overflowOverviewThe SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.I. DescriptionThe SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer overflow vulnerability exists in the Message Server. This vulnerability can be exploited by sending a request with a malformed group parameter to a vulnerable Message Server.The SAP Message Server listens on TCP ports 3600 and 8100 (HTTP) by default. The Message Server may also open a port for HTTPS. If multiple instances of the Message Server are deployed on the same network, they are allocated ports based on instance number. According to public reports, this vulnerability is addressed in the latest version of the SAP Message Server. SAP users should contact SAP for more information.
References
This vulnerability was reported by Mark Litchfield of NGSSoftware. This document was written by Jeff Gennari.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/305657 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38096 | SAP Message Server HTTP Server /msgserver/html/group Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SAP Message Server Heap buffer overflow attempt RuleID : 14600 - Revision : 6 - Type : SERVER-OTHER |