CVE-2011-1517 - Remote Code Execution and Denial of Service vulnerability in SAP Netweaver 7.0

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially crafted packet, an attacker could exploit this vulnerability to cause the application to crash.

Vulnerable Configurations

Part         Description  Count
Application  Sap          1

Packetstorm

data source: https://packetstormsecurity.com/files/download/112538/CORE-2012-0123.txt
id: PACKETSTORM:112538
last seen: 2016-12-05
published: 2012-05-08
reporter: Core Security Technologies
source: https://packetstormsecurity.com/files/112538/SAP-Netweaver-7.0-EHP1-EHP2-Buffer-Overflows.html
title: SAP Netweaver 7.0 EHP1/EHP2 Buffer Overflows

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:72871
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-72871
    title: SAP Netweaver Dispatcher Multiple Vulnerabilities
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:74568
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-74568
    title: sap netweaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities