CVE-2013-1593 - Improper Validation of Array Index vulnerability in SAP Netweaver
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Packetstorm
data source | https://packetstormsecurity.com/files/download/120350/CORE-2012-1128.txt |
id | PACKETSTORM:120350 |
last seen | 2016-12-05 |
published | 2013-02-15 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/120350/SAP-Netweaver-Message-Server-Buffer-Overflow.html |
title | SAP Netweaver Message Server Buffer Overflow |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:78223 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-78223 |
title | SAP Netweaver Message Server Multiple Vulnerabilities |