PT-2017-12616 · Sap · Sap Netweaver Application Server Java

我不兽

Published

2017-08-07

Updated

2025-03-27

CVE-2017-12637

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java version 7.5

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the query string. This issue has been exploited in the wild.

Recommendations For SAP NetWeaver Application Server Java version 7.5, apply the fix as described in SAP Security Note 2486657 to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-12637

Affected Products

Sap Netweaver Application Server Java

PT-2017-12616 · Sap · Sap Netweaver Application Server Java

CVE-2017-12637

Weakness Enumeration

Related Identifiers

Affected Products

References · 11