ID

VAR-200611-0202


CVE

CVE-2006-5785


TITLE

SAP Web Application Server Service Disruption (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-003419

DESCRIPTION

Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. Exploiting this issue allows remote attackers to consume excessive system resources until the software becomes unresponsive to further calls, effectively denying service to legitimate users.

These versions are affected:
- 6.40 patch 135 and prior
- 7.00 patch 55 and prior

Secunia advisory:
1) Due to an unspecified error it is possible to read arbitrary files on the system with privileges of the web server.
2) An unspecified error allows crashing the enserver.exe process.

The vulnerabilities are reported in version 6.40 and 7.00.

PROVIDED AND/OR DISCOVERED BY: Nicob

Trust: 1.98

sources: NVD: CVE-2006-5785 // JVNDB: JVNDB-2006-003419 // BID: 20873 // PACKETSTORM: 51593

AFFECTED PRODUCTS

vendor: sap, model: web application server, scope: eq, version: 6.40

Trust: 1.9

vendor: sap, model: web application server, scope: eq, version: 7.00

Trust: 1.6

vendor: sap, model: web application server, scope: lt, version: patch 136

Trust: 0.8

vendor: sap, model: web application server, scope: eq, version: 7.0

Trust: 0.3

sources: BID: 20873 // JVNDB: JVNDB-2006-003419 // CNNVD: CNNVD-200611-118 // NVD: CVE-2006-5785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5785
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-5785
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200611-118
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-5785
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2006-003419 // CNNVD: CNNVD-200611-118 // NVD: CVE-2006-5785

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2006-5785

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-118

TYPE

Design Error

Trust: 0.9

sources: BID: 20873 // CNNVD: CNNVD-200611-118

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003419

PATCH

title: SAP Web Application Server, url: http://www.sap.com:80/solutions/netweaver/webappserver/index.asp

Trust: 0.8

sources: JVNDB: JVNDB-2006-003419

EXTERNAL IDS

db: NVD, id: CVE-2006-5785

Trust: 2.4

db: BID, id: 20873

Trust: 1.9

db: SECUNIA, id: 22677

Trust: 1.7

db: SREASON, id: 1828

Trust: 1.6

db: VUPEN, id: ADV-2006-4318

Trust: 1.6

db: SECTRACK, id: 1017628

Trust: 1.6

db: JVNDB, id: JVNDB-2006-003419

Trust: 0.8

db: BUGTRAQ, id: 20070208 MULTIPLE VULNERABILITIES IN SAP WEBAS 6.40 AND 7.00 (TECHNICAL DETAILS)

Trust: 0.6

db: BUGTRAQ, id: 20061102 MULTIPLE VULNERABILITIES IN SAP WEB APPLICATION SERVER 6.40 AND 7.00

Trust: 0.6

db: XF, id: 29981

Trust: 0.6

db: CNNVD, id: CNNVD-200611-118

Trust: 0.6

db: PACKETSTORM, id: 51593

Trust: 0.1

sources: BID: 20873 // JVNDB: JVNDB-2006-003419 // PACKETSTORM: 51593 // CNNVD: CNNVD-200611-118 // NVD: CVE-2006-5785

REFERENCES

url:http://secunia.com/advisories/22677

Trust: 1.6

url:http://www.securitytracker.com/id?1017628

Trust: 1.6

url:http://www.securityfocus.com/bid/20873

Trust: 1.6

url:http://securityreason.com/securityalert/1828

Trust: 1.6

url:http://www.securityfocus.com/archive/1/450394/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/459499/100/0/threaded

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/4318

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29981

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5785

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5785

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29981

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/450394/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/4318

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/459499/100/0/threaded

Trust: 0.6

url:http://www.sap.com

Trust: 0.3

url:/archive/1/450394

Trust: 0.3

url:/archive/1/450779

Trust: 0.3

url:/archive/1/451061

Trust: 0.3

url:http://secunia.com/product/6087/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.1

url:http://secunia.com/advisories/22677/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.1

url:http://secunia.com/product/3327/

Trust: 0.1

sources: BID: 20873 // JVNDB: JVNDB-2006-003419 // PACKETSTORM: 51593 // CNNVD: CNNVD-200611-118 // NVD: CVE-2006-5785

CREDITS

Nicob nicob@nicob.net

Trust: 0.6

sources: CNNVD: CNNVD-200611-118

SOURCES

db: BID, id: 20873
db: JVNDB, id: JVNDB-2006-003419
db: PACKETSTORM, id: 51593
db: CNNVD, id: CNNVD-200611-118
db: NVD, id: CVE-2006-5785

LAST UPDATE DATE

2024-08-14T13:50:36.306000+00:00


SOURCES UPDATE DATE

db: BID, id: 20873, date: 2006-11-13T21:57:00
db: JVNDB, id: JVNDB-2006-003419, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200611-118, date: 2007-08-08T00:00:00
db: NVD, id: CVE-2006-5785, date: 2018-10-17T21:45:02.967

SOURCES RELEASE DATE

db: BID, id: 20873, date: 2006-11-02T00:00:00
db: JVNDB, id: JVNDB-2006-003419, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 51593, date: 2006-11-03T00:05:01
db: CNNVD, id: CNNVD-200611-118, date: 2006-11-07T00:00:00
db: NVD, id: CVE-2006-5785, date: 2006-11-07T23:07:00