SAP NetWeaver 'msg_server.exe' Remote Code Execution and Denial of Service Vulnerabilities
BID:57956
CVE-2013-1593 | CVE-2013-1592 |Info
SAP NetWeaver 'msg_server.exe' Remote Code Execution and Denial of Service Vulnerabilities
| Bugtraq ID: | 57956 |
| Class: | Unknown |
| CVE: |
CVE-2013-1592 CVE-2013-1593 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 13 2013 12:00AM |
| Updated: | Jun 12 2013 06:46PM |
| Credit: | Martin Gallo and Francisco Falcon |
| Vulnerable: |
SAP NetWeaver 2004s 0 |
| Not Vulnerable: | |
Discussion
SAP NetWeaver 'msg_server.exe' Remote Code Execution and Denial of Service Vulnerabilities
SAP NetWeaver is prone to a remote code-execution vulnerability and a denial-of-service vulnerability.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions.
The following products are affected:
SAP Netweaver 2004s
SAP Netweaver 7.01 SR1
SAP Netweaver 7.02 SP06
SAP Netweaver 7.30 SP04
SAP NetWeaver is prone to a remote code-execution vulnerability and a denial-of-service vulnerability.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions.
The following products are affected:
SAP Netweaver 2004s
SAP Netweaver 7.01 SR1
SAP Netweaver 7.02 SP06
SAP Netweaver 7.30 SP04
Exploit / POC
SAP NetWeaver 'msg_server.exe' Remote Code Execution and Denial of Service Vulnerabilities
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
A proof-of-concept is available. Please see the reference for more details.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
A proof-of-concept is available. Please see the reference for more details.
Solution / Fix
References
SAP NetWeaver 'msg_server.exe' Remote Code Execution and Denial of Service Vulnerabilities
References:
References:
- SAP NetWeaver Homepage (SAP)