Sign-up

ID

VAR-201309-0338


CVE

CVE-2013-5751


TITLE

SAP NetWeaver Directory Traversal Vulnerability

Trust: 0.9

sources: BID: 62391 // CNNVD: CNNVD-201309-235

DESCRIPTION

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. SAP NetWeaver is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks

Trust: 1.89

sources: NVD: CVE-2013-5751 // JVNDB: JVNDB-2013-004189 // BID: 62391

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:7.30

Trust: 1.9

vendor:sapmodel:netweaverscope:eqversion:7.10

Trust: 1.9

vendor:sapmodel:netweaverscope:eqversion:7.03

Trust: 1.9

vendor:sapmodel:netweaverscope:eqversion:7.02

Trust: 1.9

vendor:sapmodel:netweaverscope:eqversion:7.01

Trust: 1.9

vendor:sapmodel:netweaverscope:eqversion:7.0

Trust: 1.9

vendor:sapmodel:netweaverscope:eqversion:7.x

Trust: 0.8

vendor:sapmodel:netweaver sp04scope:eqversion:7.30

Trust: 0.3

vendor:sapmodel:netweaver sp06scope:eqversion:7.02

Trust: 0.3

vendor:sapmodel:netweaver sr1scope:eqversion:7.01

Trust: 0.3

vendor:sapmodel:netweaver sp8scope:eqversion:7.0

Trust: 0.3

vendor:sapmodel:netweaver sp15scope:eqversion:7.0

Trust: 0.3

vendor:sapmodel:netweaver ehp2scope:eqversion:7.0

Trust: 0.3

vendor:sapmodel:netweaver ehp1scope:eqversion:7.0

Trust: 0.3

sources: BID: 62391 // JVNDB: JVNDB-2013-004189 // CNNVD: CNNVD-201309-235 // NVD: CVE-2013-5751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5751
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5751
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-235
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-5751
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-004189 // CNNVD: CNNVD-201309-235 // NVD: CVE-2013-5751

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2013-004189 // NVD: CVE-2013-5751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-235

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201309-235

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004189

PATCH
title:Acknowledgments to Security Researchersurl:http://scn.sap.com/docs/DOC-8218
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004189

EXTERNAL IDS
db:NVDid:CVE-2013-5751
Trust: 2.7
db:SECUNIAid:54809
Trust: 1.6
db:BIDid:62391
Trust: 1.3
db:OSVDBid:97350
Trust: 1.0
db:JVNDBid:JVNDB-2013-004189
Trust: 0.8
db:CNNVDid:CNNVD-201309-235
Trust: 0.6
sources:
            
            
            BID: 62391 // 
            
            
            
            JVNDB: JVNDB-2013-004189 // 
            
            
            
            CNNVD: CNNVD-201309-235 // 
            
            
            
            NVD: CVE-2013-5751

REFERENCES
url:http://en.securitylab.ru/lab/pt-2012-24
Trust: 2.4
url:https://websmp230.sap-ag.de/sap/support/notes/1779578
Trust: 1.6
url:http://secunia.com/advisories/54809
Trust: 1.6
url:http://scn.sap.com/docs/doc-8218
Trust: 1.6
url:http://osvdb.org/97350
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87121
Trust: 1.0
url:http://www.securityfocus.com/bid/62391
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5751
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5751
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004189 // 
            
            
            
            CNNVD: CNNVD-201309-235 // 
            
            
            
            NVD: CVE-2013-5751

CREDITS
Pavel Toporkov of Positive Technologies
Trust: 0.3
sources:
            
            
            BID: 62391

SOURCES
db:BIDid:62391
db:JVNDBid:JVNDB-2013-004189
db:CNNVDid:CNNVD-201309-235
db:NVDid:CVE-2013-5751

LAST UPDATE DATE
2024-11-23T22:08:29.656000+00:00

SOURCES UPDATE DATE
db:BIDid:62391date:2015-04-13T21:01:00
db:JVNDBid:JVNDB-2013-004189date:2013-09-19T00:00:00
db:CNNVDid:CNNVD-201309-235date:2013-09-25T00:00:00
db:NVDid:CVE-2013-5751date:2024-11-21T01:58:03.113

SOURCES RELEASE DATE
db:BIDid:62391date:2013-09-13T00:00:00
db:JVNDBid:JVNDB-2013-004189date:2013-09-19T00:00:00
db:CNNVDid:CNNVD-201309-235date:2013-09-25T00:00:00
db:NVDid:CVE-2013-5751date:2013-09-16T19:14:40.037