CVE-2016-3976

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS Java versions 7.1 through 7.5

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot backslash) in the fileName parameter to "CrashFileDownloadServlet". This is due to a directory traversal vulnerability. The vulnerability can be exploited by sending a specially crafted malicious GET request to the "/XXX/CrashFileDownloadServlet" endpoint with the fileName parameter set to "..".

Recommendations For SAP NetWeaver AS Java versions 7.1 through 7.5, consider disabling the CrashFileDownloadServlet until a patch is available. Restrict access to the CrashFileDownloadServlet endpoint to minimize the risk of exploitation. Avoid using the fileName parameter in the affected API endpoint until the issue is resolved.