PT-2007-4869 · Sap · Sap Db

Published: 2007-07-06 · Updated: 2018-10-15 · CVE-2007-3614

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: SAP DB versions 7.3 through 7.5

Description: The issue is related to multiple stack-based buffer overflows in the waHTTP.exe component, also known as the SAP DB Web Server. This allows remote attackers to execute arbitrary code through various vectors, including a certain cookie value and an additional parameter related to sapdbwa_GetQueryString, as well as numerous other fields.

Recommendations: For SAP DB versions 7.3 through 7.5, consider restricting access to the waHTTP.exe component until a patch is available. As a temporary workaround, avoid using unspecified vectors related to numerous other fields in the SAP DB Web Server.


Related Identifiers

CVE-2007-3614

Affected Products

Sap Db