ID

VAR-201604-0660


CVE

CVE-2016-3976


TITLE

SAP NetWeaver AS Java vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2016-002003

DESCRIPTION

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. SAP NetWeaver AS Java contains a directory traversal vulnerability. SAP NetWeaver is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks.

Trust: 1.98

sources: NVD: CVE-2016-3976 // JVNDB: JVNDB-2016-002003 // BID: 85946 // VULMON: CVE-2016-3976

AFFECTED PRODUCTS

vendor: sap, model: netweaver application server java, scope: lte, version: 7.50

Trust: 1.0

vendor: sap, model: netweaver application server java, scope: gte, version: 7.10

Trust: 1.0

vendor: sap, model: netweaver, scope: eq, version: 7.1 to 7.5

Trust: 0.8

vendor: sap, model: netweaver, scope: eq, version: 7.50

Trust: 0.6

vendor: sap, model: netweaver, scope: eq, version: 7.20

Trust: 0.6

vendor: sap, model: netweaver, scope: eq, version: 7.31

Trust: 0.6

vendor: sap, model: netweaver, scope: eq, version: 7.10

Trust: 0.6

vendor: sap, model: netweaver, scope: eq, version: 7.30

Trust: 0.6

vendor: sap, model: netweaver, scope: eq, version: 7.40

Trust: 0.6

sources: JVNDB: JVNDB-2016-002003 // CNNVD: CNNVD-201604-099 // NVD: CVE-2016-3976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3976
value: HIGH

Trust: 1.0

NVD: CVE-2016-3976
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-099
value: HIGH

Trust: 0.6

VULMON: CVE-2016-3976
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-3976
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2016-3976
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-3976
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2016-3976 // JVNDB: JVNDB-2016-002003 // CNNVD: CNNVD-201604-099 // NVD: CVE-2016-3976

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2016-002003 // NVD: CVE-2016-3976

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-099

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201604-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002003

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2016-3976

PATCH

title: SAP Security Note 2234971, url: http://scn.sap.com/docs/DOC-55451

Trust: 0.8

title: SAP NetWeaver AS Java Fixes for directory traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60830

Trust: 0.6

title: The Register, url: https://www.theregister.co.uk/2021/04/06/sap_patch_attacks/

Trust: 0.2

title: Known Exploited Vulnerabilities Detector, url: https://github.com/Ostorlab/KEV

Trust: 0.1

title: Threatpost, url: https://threatpost.com/sap-bugs-cyberattack-compromise/165265/

Trust: 0.1

sources: VULMON: CVE-2016-3976 // JVNDB: JVNDB-2016-002003 // CNNVD: CNNVD-201604-099

EXTERNAL IDS

db: NVD, id: CVE-2016-3976

Trust: 2.8

db: EXPLOIT-DB, id: 39996

Trust: 1.7

db: PACKETSTORM, id: 137528

Trust: 1.7

db: JVNDB, id: JVNDB-2016-002003

Trust: 0.8

db: CNNVD, id: CNNVD-201604-099

Trust: 0.6

db: BID, id: 85946

Trust: 0.4

db: VULMON, id: CVE-2016-3976

Trust: 0.1

sources: VULMON: CVE-2016-3976 // BID: 85946 // JVNDB: JVNDB-2016-002003 // CNNVD: CNNVD-201604-099 // NVD: CVE-2016-3976

REFERENCES

url:https://www.exploit-db.com/exploits/39996/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2016/jun/40

Trust: 1.7

url:http://packetstormsecurity.com/files/137528/sap-netweaver-as-java-7.5-directory-traversal.html

Trust: 1.7

url:https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/

Trust: 1.7

url:https://erpscan.io/advisories/erpscan-16-012/

Trust: 1.7

url:https://launchpad.support.sap.com/#/notes/2234971

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3976

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3976

Trust: 0.8

url:https://erpscan.com/advisories/erpscan-16-012/

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/sap-bugs-cyberattack-compromise/165265/

Trust: 0.1

url:https://www.securityfocus.com/bid/85946

Trust: 0.1

sources: VULMON: CVE-2016-3976 // JVNDB: JVNDB-2016-002003 // CNNVD: CNNVD-201604-099 // NVD: CVE-2016-3976

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 85946

SOURCES

db: VULMON, id: CVE-2016-3976
db: BID, id: 85946
db: JVNDB, id: JVNDB-2016-002003
db: CNNVD, id: CNNVD-201604-099
db: NVD, id: CVE-2016-3976

LAST UPDATE DATE

2024-08-14T14:27:27.034000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2016-3976, date: 2022-04-29T00:00:00
db: BID, id: 85946, date: 2016-07-05T22:40:00
db: JVNDB, id: JVNDB-2016-002003, date: 2016-08-31T00:00:00
db: CNNVD, id: CNNVD-201604-099, date: 2021-11-11T00:00:00
db: NVD, id: CVE-2016-3976, date: 2022-04-29T15:36:03.657

SOURCES RELEASE DATE

db: VULMON, id: CVE-2016-3976, date: 2016-04-07T00:00:00
db: BID, id: 85946, date: 2016-04-07T00:00:00
db: JVNDB, id: JVNDB-2016-002003, date: 2016-04-13T00:00:00
db: CNNVD, id: CNNVD-201604-099, date: 2016-04-08T00:00:00
db: NVD, id: CVE-2016-3976, date: 2016-04-07T23:59:10.797