Vulnerabilities > CVE-2009-4603 - Denial Of Service vulnerability in SAP Kernel 'sapstartsrv'

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sap

NVD

Published: 2010-01-12

Updated: 2010-01-13

Summary

Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP SAP Kernel 6.40 SAP SAP Kernel 7.00 SAP SAP Kernel 7.01 SAP SAP Kernel 7.10 SAP SAP Kernel 7.11 SAP SAP Kernel 7.20 SAP SAP Netweaver 7.0 SAP SAP WEB Application Server 6.0	8

References

http://secunia.com/advisories/37684
http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf
http://www.securityfocus.com/bid/37286
http://www.securitytracker.com/id?1023319
https://service.sap.com/sap/support/notes/1302231