Details of VAR-201608-0537

ID

VAR-201608-0537

TITLE

SAP NetWeaver Application Server Java Directory Traversal Vulnerability

Trust: 0.3

sources: BID: 92420

DESCRIPTION

SAP NetWeaver Application Server Java is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks. SAP NetWeaver 7.4 is vulnerable.

Trust: 0.3

sources: BID: 92420

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver application server java	scope:	eq	version:	0	Trust: 0.3
vendor:	sap	model:	netweaver	scope:	eq	version:	7.4	Trust: 0.3

sources: BID: 92420

THREAT TYPE

network

Trust: 0.3

sources: BID: 92420

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 92420

EXTERNAL IDS

db:

BID

id:

92420

Trust: 0.3

sources: BID: 92420

REFERENCES

url:	www.sap.com/platform/netweaver	Trust: 0.3
url:	https://erpscan.com/advisories/erpscan-16-032-sap-netweaver-telnet-console-file-disclosure/	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/2280371	Trust: 0.3

sources: BID: 92420

CREDITS

Mathieu GELI (ERPScan)

Trust: 0.3

sources: BID: 92420

SOURCES

db:

BID

id:

92420

LAST UPDATE DATE

2022-05-17T01:52:38.359000+00:00

SOURCES UPDATE DATE

db:

BID

id:

92420

date:

2016-08-08T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

92420

date:

2016-08-08T00:00:00