ID
VAR-201709-0547
CVE
CVE-2017-14581
TITLE
SAP NetWeaver AS JAVA Vulnerable to resource exhaustion
Trust: 0.8
sources:
JVNDB: JVNDB-2017-008409
DESCRIPTION
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. SAP NetWeaver AS JAVA Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability SAP Security Note 2389181 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Trust: 1.62
sources:
NVD: CVE-2017-14581 //
JVNDB: JVNDB-2017-008409
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver application server java | scope: | lte | version: | 7.50 | Trust: 1.0 |
| vendor: | sap | model: | netweaver application server java | scope: | gte | version: | 7.00 | Trust: 1.0 |
| vendor: | sap | model: | netweaver application server java | scope: | eq | version: | 7.0 to 7.5 | Trust: 0.8 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.03 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.5 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.20 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.31 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.02 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.10 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.01 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.30 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.3 | Trust: 0.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.40 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2017-008409 //
CNNVD: CNNVD-201709-799 //
NVD: CVE-2017-14581
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
JVNDB: JVNDB-2017-008409 //
CNNVD: CNNVD-201709-799 //
NVD: CVE-2017-14581
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-400 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2017-008409 //
NVD: CVE-2017-14581
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201709-799
TYPE
lack of information
Trust: 0.6
sources:
CNNVD: CNNVD-201709-799
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-008409
PATCH
| title: | June 2017 (2389181) | url: | https://blogs.sap.com/2017/06/13/sap-security-patch-day-june2017/ | Trust: 0.8 |
| title: | SAP NetWeaver Application Server JAVA Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74963 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2017-008409 //
CNNVD: CNNVD-201709-799
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-14581 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2017-008409 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201709-799 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2017-008409 //
CNNVD: CNNVD-201709-799 //
NVD: CVE-2017-14581
REFERENCES
| url: | https://erpscan.io/advisories/erpscan-17-030-sap-hostcontrol-remote-dos/ | Trust: 1.6 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14581 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-14581 | Trust: 0.8 |
| url: | https://erpscan.com/advisories/erpscan-17-030-sap-hostcontrol-remote-dos/ | Trust: 0.8 |
sources:
JVNDB: JVNDB-2017-008409 //
CNNVD: CNNVD-201709-799 //
NVD: CVE-2017-14581
SOURCES
| db: | JVNDB | id: | JVNDB-2017-008409 |
| db: | CNNVD | id: | CNNVD-201709-799 |
| db: | NVD | id: | CVE-2017-14581 |
LAST UPDATE DATE
2024-11-23T22:38:25.669000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2017-008409 | date: | 2017-10-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201709-799 | date: | 2021-04-22T00:00:00 |
| db: | NVD | id: | CVE-2017-14581 | date: | 2024-11-21T03:13:08.827 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2017-008409 | date: | 2017-10-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201709-799 | date: | 2017-09-19T00:00:00 |
| db: | NVD | id: | CVE-2017-14581 | date: | 2017-09-19T16:29:00.403 |