PT-2016-1705 · Sap · Sap Netweaver As Java

Publicado

2016-04-14

Atualizado

2018-12-10

CVE-2016-4015

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SAP NetWeaver JAVA AS versions 7.1 through 7.4

Description The issue is related to errors in the code of the Enqueue Server component in SAP NetWeaver. It allows remote attackers to cause a denial of service, specifically a process crash, via a crafted request.

Recommendations For SAP NetWeaver JAVA AS versions 7.1 through 7.4, consider applying the fix as described in SAP Security Note 2258784 to resolve the issue. As a temporary workaround, consider restricting access to the Enqueue Server component to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

BDU:2016-01031

CVE-2016-4015

Produtos afetados

Sap Netweaver As Java

PT-2016-1705 · Sap · Sap Netweaver As Java

CVE-2016-4015

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7