PT-2017-12616 · Sap · Sap Netweaver Application Server Java

我不兽

Publicado

2017-08-07

Atualizado

2025-03-27

CVE-2017-12637

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java version 7.5

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the query string. This issue has been exploited in the wild.

Recommendations For SAP NetWeaver Application Server Java version 7.5, apply the fix as described in SAP Security Note 2486657 to resolve the issue.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2017-12637

Produtos afetados

Sap Netweaver Application Server Java

PT-2017-12616 · Sap · Sap Netweaver Application Server Java

CVE-2017-12637

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11