Lucene search

[email protected]CVE-2014-0995

HistoryNov 06, 2014 - 3:55 p.m.

CVE-2014-0995

2014-11-0615:55:06

CWE-20

[email protected]

web.nvd.nist.gov

sap

netweaver

standalone

enqueue server

denial of service

cve-2014-0995

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Affected configurations

NVD

Node

sapnetweaverRange≤7.01

sapnetweaverMatch7.20

CPENameOperatorVersion
sap:netweaversap netweaverle7.01
sap:netweaversap netweavereq7.20

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	le	7.01
sap:netweaver	sap netweaver	eq	7.20

References

blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/

packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html

seclists.org/fulldisclosure/2014/Oct/76

secunia.com/advisories/60950

www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability

www.securityfocus.com/archive/1/533719/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/97610

twitter.com/SAP_Gsupport/status/522750365780160513

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2014-0995

packetstorm1 coresecurity1 exploitpack1 prion1 cvelist1 securityvulns2 zdt1 seebug1 nvd1 exploitdb1