ID

VAR-201605-0004


CVE

CVE-2010-5326


TITLE

SAP Netweaver Invoker Servlet Remote code execution vulnerability

Trust: 1.7

sources: IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2905 // BID: 48925 // CNNVD: CNNVD-201107-453

DESCRIPTION

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. Attacks on this vulnerability 2013 From 2016 Observed in year. This vulnerability "Detour" It is called an attack. Vendors have confirmed this vulnerability SAP Security Note 1445998 It is released as.By a third party HTTP Or HTTPS Arbitrary code may be executed via a request. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP Netweaver Invoker Servlet has a security vulnerability that allows an attacker to call any servlet even if it is declared in a web.xml file. This includes any servlet classes available in the application classloader, such as those in the WEB-INF\\classes, WEB-INF\\lib, and WEB-INF\\additinal-lib application directories. Multiple servlets included with Java applications are not designed for direct client access, but instead interact inside the application, thus causing arbitrary calls to be performed and invisible operations on the SAP server. An attacker may leverage this issue to execute arbitrary script code within the context of the affected application

Trust: 2.97

sources: NVD: CVE-2010-5326 // JVNDB: JVNDB-2016-002737 // CNVD: CNVD-2011-2905 // BID: 90533 // BID: 48925 // IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d // VULMON: CVE-2010-5326

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2905

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:7.30

Trust: 1.5

vendor:sapmodel:netweaverscope:eqversion:7.0

Trust: 1.1

vendor:sapmodel:netweaver application server javascope:lteversion:7.30

Trust: 1.0

vendor:sapmodel:netweaver sp15scope:eqversion:7.0

Trust: 0.9

vendor:sapmodel:netweaver sp8scope:eqversion:7.0

Trust: 0.9

vendor:sapmodel:netweaverscope:eqversion:7.10

Trust: 0.9

vendor:sapmodel:netweaverscope:eqversion:7.02

Trust: 0.9

vendor:sapmodel:netweaverscope:eqversion:7.01

Trust: 0.9

vendor:sapmodel:netweaver application server javascope:ltversion:7.3

Trust: 0.8

vendor:sapmodel:solution managerscope:eqversion:0

Trust: 0.3

vendor:sapmodel:supply chain managementscope:eqversion:0

Trust: 0.3

vendor:sapmodel:product lifecycle managementscope:eqversion:0

Trust: 0.3

vendor:sapmodel:netweaver composition environmentscope:eqversion:0

Trust: 0.3

vendor:sapmodel:exchange infrastructurescope:eqversion:0

Trust: 0.3

vendor:sapmodel:enterprise portalscope:eqversion:0

Trust: 0.3

vendor:sapmodel:netweaver sp15scope:eqversion:7.0*

Trust: 0.2

vendor:sapmodel:netweaver sp8scope:eqversion:7.0*

Trust: 0.2

vendor:sapmodel:netweaverscope:eqversion:7.10*

Trust: 0.2

vendor:sapmodel:netweaverscope:eqversion:7.30*

Trust: 0.2

vendor:sapmodel:netweaverscope:eqversion:7.02*

Trust: 0.2

vendor:sapmodel:netweaverscope:eqversion:7.01*

Trust: 0.2

sources: IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2905 // BID: 90533 // BID: 48925 // JVNDB: JVNDB-2016-002737 // CNNVD: CNNVD-201605-399 // NVD: CVE-2010-5326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5326
value: CRITICAL

Trust: 1.0

NVD: CVE-2010-5326
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201605-399
value: CRITICAL

Trust: 0.6

IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULMON: CVE-2010-5326
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-5326
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

nvd@nist.gov: CVE-2010-5326
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2010-5326
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d // VULMON: CVE-2010-5326 // JVNDB: JVNDB-2016-002737 // CNNVD: CNNVD-201605-399 // NVD: CVE-2010-5326

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-5326

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201107-453 // CNNVD: CNNVD-201605-399

TYPE

Code injection

Trust: 0.8

sources: IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201107-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002737

PATCH

title:Invoker Servleturl:http://help.sap.com/saphelp_nw70ehp2/helpdata/en/bb/f2b9d88ba4e8459e5a69cb513597ec/frameset.htm

Trust: 0.8

title:US-CERT アラート情報:SAP セキュリティノート 1445998 で解決済みの問題について再度のお知らせurl:https://support.sap.com/ja.html

Trust: 0.8

title:Patch for SAP Netweaver Invoker Servlet Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/4568

Trust: 0.6

title:SAP NetWeaver Application Server Invoker Servlet Fixes for arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61715

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2021/04/06/sap_patch_attacks/

Trust: 0.2

title:Threatposturl:https://threatpost.com/sap-bugs-cyberattack-compromise/165265/

Trust: 0.1

sources: CNVD: CNVD-2011-2905 // VULMON: CVE-2010-5326 // JVNDB: JVNDB-2016-002737 // CNNVD: CNNVD-201605-399

EXTERNAL IDS

db:BIDid:48925

Trust: 3.2

db:NVDid:CVE-2010-5326

Trust: 2.8

db:USCERTid:TA16-132A

Trust: 2.5

db:BIDid:90533

Trust: 2.0

db:CNVDid:CNVD-2011-2905

Trust: 0.8

db:JVNDBid:JVNDB-2016-002737

Trust: 0.8

db:CNNVDid:CNNVD-201107-453

Trust: 0.6

db:CNNVDid:CNNVD-201605-399

Trust: 0.6

db:IVDid:39506C1A-1F8E-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULMONid:CVE-2010-5326

Trust: 0.1

sources: IVD: 39506c1a-1f8e-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2905 // VULMON: CVE-2010-5326 // BID: 90533 // BID: 48925 // JVNDB: JVNDB-2016-002737 // CNNVD: CNNVD-201107-453 // CNNVD: CNNVD-201605-399 // NVD: CVE-2010-5326

REFERENCES

url:https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications

Trust: 2.5

url:http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions

Trust: 2.5

url:http://www.us-cert.gov/ncas/alerts/ta16-132a

Trust: 2.5

url:http://www.securityfocus.com/bid/48925

Trust: 2.3

url:http://www.securityfocus.com/bid/90533

Trust: 1.8

url:http://service.sap.com/sap/support/notes/1445998

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5326

Trust: 0.8

url:http://jvn.jp/ta/jvnta91951276/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5326

Trust: 0.8

url:http://www.securityfocus.com/bid/48925/info

Trust: 0.6

url:http://www.onapsis.com/resources/download.php?id=7wkeuqheij%2bqq3jv4qpdjl1ffrxqqxpj5uloink%2bzeilka6bds1fhqzomd%2bpokyossoouymyxkdykay2dgrh&lang=en .

Trust: 0.6

url:http://www.sap.com/platform/netweaver/index.epx

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.theregister.co.uk/2021/04/06/sap_patch_attacks/

Trust: 0.1

url:https://threatpost.com/sap-bugs-cyberattack-compromise/165265/

Trust: 0.1

sources: CNVD: CNVD-2011-2905 // VULMON: CVE-2010-5326 // BID: 90533 // BID: 48925 // JVNDB: JVNDB-2016-002737 // CNNVD: CNNVD-201107-453 // CNNVD: CNNVD-201605-399 // NVD: CVE-2010-5326

CREDITS

Onapsis Security

Trust: 1.2

sources: BID: 90533 // BID: 48925 // CNNVD: CNNVD-201107-453

SOURCES

db:IVDid:39506c1a-1f8e-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-2905
db:VULMONid:CVE-2010-5326
db:BIDid:90533
db:BIDid:48925
db:JVNDBid:JVNDB-2016-002737
db:CNNVDid:CNNVD-201107-453
db:CNNVDid:CNNVD-201605-399
db:NVDid:CVE-2010-5326

LAST UPDATE DATE

2024-08-14T13:47:23.087000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-2905date:2011-07-29T00:00:00
db:VULMONid:CVE-2010-5326date:2021-04-20T00:00:00
db:BIDid:90533date:2016-07-05T22:21:00
db:BIDid:48925date:2011-07-28T00:00:00
db:JVNDBid:JVNDB-2016-002737date:2016-05-20T00:00:00
db:CNNVDid:CNNVD-201107-453date:2011-08-01T00:00:00
db:CNNVDid:CNNVD-201605-399date:2021-04-22T00:00:00
db:NVDid:CVE-2010-5326date:2021-04-20T18:41:50.707

SOURCES RELEASE DATE

db:IVDid:39506c1a-1f8e-11e6-abef-000c29c66e3ddate:2011-07-29T00:00:00
db:CNVDid:CNVD-2011-2905date:2011-07-29T00:00:00
db:VULMONid:CVE-2010-5326date:2016-05-13T00:00:00
db:BIDid:90533date:2016-05-11T00:00:00
db:BIDid:48925date:2011-07-28T00:00:00
db:JVNDBid:JVNDB-2016-002737date:2016-05-20T00:00:00
db:CNNVDid:CNNVD-201107-453date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201605-399date:2016-05-16T00:00:00
db:NVDid:CVE-2010-5326date:2016-05-13T10:59:00.173