Vulnerabilities > CVE-2013-1593 - Improper Validation of Array Index vulnerability in SAP Netweaver
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Packetstorm
data source | https://packetstormsecurity.com/files/download/120350/CORE-2012-1128.txt |
id | PACKETSTORM:120350 |
last seen | 2016-12-05 |
published | 2013-02-15 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/120350/SAP-Netweaver-Message-Server-Buffer-Overflow.html |
title | SAP Netweaver Message Server Buffer Overflow |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:78223 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-78223 |
title | SAP Netweaver Message Server Multiple Vulnerabilities |
References
- http://www.securityfocus.com/bid/57956
- http://www.securityfocus.com/bid/57956
- http://www.securitytracker.com/id/1028148
- http://www.securitytracker.com/id/1028148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82065
- https://packetstormsecurity.com/files/cve/CVE-2013-1593
- https://packetstormsecurity.com/files/cve/CVE-2013-1593
- https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities
- https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities