ID
VAR-201411-0223
CVE
CVE-2014-8592
TITLE
SAP NetWeaver Used in SAP Host Agent Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. SAP NetWeaver is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to exhaust available CPU and memory resources, denying service to legitimate users SAP NetWeaver 7.02, and 7.30 are vulnerable; other versions may also be affected
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.02 | Trust: 2.7 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.30 | Trust: 1.9 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.3 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Failure to Handle Exceptional Conditions
Trust: 0.3
CONFIGURATIONS
PATCH
| title: | SAP Security Note 1986725 | url: | http://scn.sap.com/docs/DOC-55451 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-8592 | Trust: 2.7 |
| db: | JVNDB | id: | JVNDB-2014-005223 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201411-048 | Trust: 0.6 |
| db: | BID | id: | 71026 | Trust: 0.3 |
REFERENCES
| url: | http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/ | Trust: 2.7 |
| url: | https://service.sap.com/sap/support/notes/1986725 | Trust: 1.9 |
| url: | http://erpscan.com/advisories/erpscan-14-017-sap-netweaver-http-partial-http-post-requests-dos/ | Trust: 1.7 |
| url: | http://erpscan.com/advisories/erpscan-14-018-sap-netweaver-j2ee-engine-partial-http-post-requests-dos/ | Trust: 1.7 |
| url: | http://erpscan.com/advisories/erpscan-14-019-sap-netweaver-j2ee-engine-partial-http-post-requests-dos/ | Trust: 1.7 |
| url: | http://erpscan.com/advisories/erpscan-14-020-sap-netweaver-management-console-gsaop-partial-http-requests-dos/ | Trust: 1.7 |
| url: | http://erpscan.com/advisories/erpscan-14-021-sap-netweaver-management-console-gsaop-partial-http-post-requests-dos/ | Trust: 1.7 |
| url: | https://twitter.com/sap_gsupport/status/523111735637864448 | Trust: 1.6 |
| url: | https://erpscan.io/advisories/erpscan-14-018-sap-netweaver-j2ee-engine-partial-http-post-requests-dos/ | Trust: 1.0 |
| url: | https://erpscan.io/advisories/erpscan-14-021-sap-netweaver-management-console-gsaop-partial-http-post-requests-dos/ | Trust: 1.0 |
| url: | https://erpscan.io/advisories/erpscan-14-017-sap-netweaver-http-partial-http-post-requests-dos/ | Trust: 1.0 |
| url: | https://erpscan.io/advisories/erpscan-14-020-sap-netweaver-management-console-gsaop-partial-http-requests-dos/ | Trust: 1.0 |
| url: | https://erpscan.io/advisories/erpscan-14-019-sap-netweaver-j2ee-engine-partial-http-post-requests-dos/ | Trust: 1.0 |
| url: | https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/ | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8592 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8592 | Trust: 0.8 |
| url: | http://www.sap.com/ | Trust: 0.3 |
| url: | www.sap.com/platform/netweaver | Trust: 0.3 |
CREDITS
Igor Ilyin, and Alexey Tyurin.
Trust: 0.3
SOURCES
| db: | BID | id: | 71026 |
| db: | JVNDB | id: | JVNDB-2014-005223 |
| db: | CNNVD | id: | CNNVD-201411-048 |
| db: | NVD | id: | CVE-2014-8592 |
LAST UPDATE DATE
2024-11-23T23:12:44.975000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 71026 | date: | 2014-10-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005223 | date: | 2014-11-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201411-048 | date: | 2014-11-05T00:00:00 |
| db: | NVD | id: | CVE-2014-8592 | date: | 2024-11-21T02:19:24.017 |
SOURCES RELEASE DATE
| db: | BID | id: | 71026 | date: | 2014-10-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005223 | date: | 2014-11-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201411-048 | date: | 2014-11-05T00:00:00 |
| db: | NVD | id: | CVE-2014-8592 | date: | 2014-11-04T15:55:07.827 |