SAP NetWeaver Remote Code Execution and Denial of Service Vulnerabilities
BID:53424
CVE-2011-1517
| Bugtraq ID: | 53424 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2012-2511, CVE-2012-2512, CVE-2012-2513, CVE-2012-2514, CVE-2012-2611, CVE-2012-2612 |
| Remote: | Yes |
| Local: | No |
| Published: | May 08 2012 12:00AM |
| Updated: | Sep 04 2012 05:50AM |
| Credit: | Core Security - Corelabs |
| Vulnerable: | SAP NetWeaver 7.0 EHP2, SAP NetWeaver 7.0 EHP1 |
| Not Vulnerable: | |
Discussion
SAP NetWeaver is prone to a remote code-execution vulnerability and multiple denial-of-service vulnerabilities.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or crash the application.
Exploit / POC
A proof-of-concept is available. Please see the reference for more details.
The following exploit is available:
Solution / Fix
Solution:
Vendor updates are available. Please contact the vendor for more information.
References
References:
- SAP NetWeaver Homepage (SAP)
- SAP Netweaver Dispatcher Multiple Vulnerabilities (Core Security - Corelabs)