CVE-2016-3976

Published on: 04/07/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of NetWeaver from SAP contain the following vulnerability:

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.

  • CVE-2016-3976 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 5 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • MISC: SAP NetWeaver AS JAVA 7.5 Directory Traversal ≈ Packet Storm (packetstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.html)
  • MISC: [ERPSCAN-16-012] SAP NetWeaver Java AS CrashFileDownloadServlet - Directory traversal vulnerability (erpscan.io/advisories/erpscan-16-012/)
  • MISC: SAP Security Notes March 2016 - Review (erpscan.io/press-center/blog/sap-security-notes-march-2016-review/)
  • EXPLOIT-DB 39996: SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal - Java webapps Exploit (www.exploit-db.com); tagged Proof of Concept
  • FULLDISC 20160618: Full Disclosure: [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability (seclists.org)

Related QID Numbers

  • 87446 SAP NetWeaver AS JAVA Directory Traversal Vulnerability

Known Affected Configurations (CPE V2.3)

Type         Vendor  Product    Version  Update  Edition  Language
Application  Sap     Netweaver  7.10     All     All      All
Application  Sap     Netweaver  7.20     All     All      All
Application  Sap     Netweaver  7.30     All     All      All
Application  Sap     Netweaver  7.31     All     All      All
Application  Sap     Netweaver  7.40     All     All      All
Application  Sap     Netweaver  7.50     All     All      All

  • cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*

Social Mentions

  • Twitter, @tempest_sec (2021-04-07 17:12:18 UTC): The flaws are: CVE-2020-6287 (CVSS 10), CVE-2020-6207 (CVSS 9.8), CVE-2018-2380 (CVSS 6.6), CVE-2016-3976 (CVSS 7.5… twitter.com/i/web/status/1…
  • Reddit, /r/blueteamsec (2021-04-07 11:10:22 UTC): [PDF] ONAPSIS: Active Cyberattacks on Mission-Critical SAP Applications - CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976 and CVE-2010-5326