Vulnerabilities > CVE-2021-33670 - Unspecified vulnerability in SAP Netweaver Application Server Java
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2022/May/4
- http://seclists.org/fulldisclosure/2022/May/4
- https://launchpad.support.sap.com/#/notes/3056652
- https://launchpad.support.sap.com/#/notes/3056652
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506