Vulnerabilites related to sap - sap_netweaver
Vulnerability from fkie_nvd
Published
2010-01-12 17:30
Modified
2024-11-21 01:10
Severity ?
Summary
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 6.40 | |
| sap | sap_kernel | 7.00 | |
| sap | sap_kernel | 7.01 | |
| sap | sap_kernel | 7.10 | |
| sap | sap_kernel | 7.11 | |
| sap | sap_kernel | 7.20 | |
| sap | sap_netweaver | 7.0 | |
| sap | sap_web_application_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "548D937D-FF7F-4B5B-98A2-50F5FBA7875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "DA732B51-EF58-41D1-A012-195847AE9CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "78E8D3B9-CAF2-47FD-93C7-CCF6554BBA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8965F9-F10A-4F6A-830C-7D5D4596AA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B09614D3-0B53-48FC-9E1F-05384AEFBE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "633CC2AD-4B48-4473-A818-93E40DCBEFBE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_netweaver:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "813CC383-4123-45B0-A58A-78A8DC71FFE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:sap:sap_web_application_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC17AFFF-324D-40F5-9305-1A049E16B7A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "vulnerabilidad inespec\u00edfica en sapstartsrv.exe en el kernel SAP v6.40, v7.00, v7.01, v7.10, v7.11, y v7.20, tal y como se utiliza en SAP NetWeaver v7.x y SAP Web Application Server v6.x y v7.x, permite a atacantes remotos producir una denegaci\u00f3n de servicio (apagado de la consola de administraci\u00f3n) a trav\u00e9s de una petici\u00f3n manipulada."
}
],
"id": "CVE-2009-4603",
"lastModified": "2024-11-21T01:10:01.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-12T17:30:01.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37684"
},
{
"source": "cve@mitre.org",
"url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37286"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023319"
},
{
"source": "cve@mitre.org",
"url": "https://service.sap.com/sap/support/notes/1302231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.sap.com/sap/support/notes/1302231"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2009-4603
Vulnerability from cvelistv5
Published
2010-01-12 17:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1023319 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/37684 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf | x_refsource_MISC | |
| https://service.sap.com/sap/support/notes/1302231 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/37286 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023319",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023319"
},
{
"name": "37684",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37684"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.sap.com/sap/support/notes/1302231"
},
{
"name": "37286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-12T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023319",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023319"
},
{
"name": "37684",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37684"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.sap.com/sap/support/notes/1302231"
},
{
"name": "37286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023319",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023319"
},
{
"name": "37684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37684"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf"
},
{
"name": "https://service.sap.com/sap/support/notes/1302231",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/1302231"
},
{
"name": "37286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4603",
"datePublished": "2010-01-12T17:00:00Z",
"dateReserved": "2010-01-12T00:00:00Z",
"dateUpdated": "2024-09-16T22:56:36.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}