Description

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Related CPE's

a

sap

netweaver_application_server_java

7

References

http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html

PatchThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2022/May/4

Mailing ListPatchThird Party Advisory

https://launchpad.support.sap.com/#/notes/3056652

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-14T12:15:08.243

3 years ago

Last modified

2022-05-12T20:15:54.793

3 years ago