PT-2006-6463 · Sap · Sap Web Application Server

Nicob · Published 2006-11-07 · Updated 2018-10-17 · CVE-2006-5784

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
SAP Web Application Server versions 6.40 before patch 136
SAP Web Application Server versions 7.00 before patch 66
Description: The issue allows remote attackers to read arbitrary files by sending crafted data on a "3200+SYSNR" TCP port. This can be demonstrated by exploiting port 3201. Additionally, local users can leverage this issue to access a named pipe as the SAPServiceJ2E user.
Recommendations: For SAP Web Application Server version 6.40, apply patch 136 to resolve the issue. For SAP Web Application Server version 7.00, apply patch 66 to resolve the issue. As a temporary workaround, consider restricting access to the "3200+SYSNR" TCP port to minimize the risk of exploitation.

Exploit

Fix

Related identifiers

CVE-2006-5784

Affected products

Sap Web Application Server