Vulnerabilities > CVE-2006-5784 - Remote Information Disclosure vulnerability in SAP web Application Server 6.40/7.00
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | SAP Web Application Server 6.40 Arbitrary File Disclosure Exploit. CVE-2006-5784. Remote exploit for windows platform |
| file | exploits/windows/remote/3291.pl |
| id | EDB-ID:3291 |
| last seen | 2016-01-31 |
| modified | 2007-02-08 |
| platform | windows |
| port | |
| published | 2007-02-08 |
| reporter | Nicob |
| source | https://www.exploit-db.com/download/3291/ |
| title | SAP Web Application Server 6.40 - Arbitrary File Disclosure Exploit |
| type | remote |
References
- http://secunia.com/advisories/22677
- http://securityreason.com/securityalert/1828
- http://www.securityfocus.com/archive/1/450394/100/0/threaded
- http://www.securityfocus.com/archive/1/459499/100/0/threaded
- http://www.securityfocus.com/bid/20877
- http://www.securitytracker.com/id?1017628
- http://www.vupen.com/english/advisories/2006/4318
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29982
- https://www.exploit-db.com/exploits/3291