SAP NetWeaver Exportability Check Service Directory Traversal Vulnerability
BID:58090
Info
| Bugtraq ID: | 58090 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-6821 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 31 2013 12:00AM |
| Updated: | Nov 21 2013 12:47AM |
| Credit: | Dmitry Chastukhin of ERPScan |
| Vulnerable: | SAP NetWeaver 7.30, SAP NetWeaver 7.10, SAP NetWeaver 7.02, SAP NetWeaver 7.01, SAP NetWeaver 7.0 SP8, SAP NetWeaver 7.0 SP15, SAP NetWeaver 7.0 EHP2, SAP NetWeaver 7.0 EHP1, SAP NetWeaver 7.0 |
| Not Vulnerable: | |
Discussion
SAP NetWeaver is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks.
Exploit / POC
An attacker can exploit the issue through a browser.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- SAP NetWeaver Homepage (SAP)