Application: SAP AS JAVA SSO Authentication Library **Versions Affected:**SAP AS JAVA SSO Authentication Library 2.0-3.0 **Vendor URL: ** SAP **Bugs:**DoS **Reported:**01.11.2016 **Vendor response:**02.11.2016 **Date of Public Advisory:**10.01.2017 **Reference:**SAP Security Note 2389042 Author: Vahagn Vardanyan (ERPScan)
Class: Denial of service
Impact: direct impact on availability
Remotely Exploitable: yes
Locally Exploitable: no
CVE: CVE-2017-7696
CVSS Base Score v3: 7.5 / 10
CVSS Base Vector:
AV: Attack Vector (Related exploit range) | Network (N) |
---|---|
AC: Attack Complexity (Required attack complexity) | Low (L) |
PR: Privileges Required (Level of privileges needed to exploit) | None (N) |
UI: User Interaction (Required user participation) | None (N) |
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) |
C: Impact to Confidentiality | None (N) |
I: Impact to Integrity | None(N) |
A: Impact to Availability | High (H) |
If a certain request is sent, a server will try to generate a large image that takes a long time to process.
An attacker can use a Denial of Service vulnerability to terminate the process of a vulnerable component. In the meantime, nobody can use this service. This fact negatively influences business processes, system downtime, and business reputation.
SSO AUTHENTICATION LIBRARY 2.0
SSO AUTHENTICATION LIBRARY 3.0
To correct this vulnerability, install SAP Security Note 2389042.
If the request is sent, server will try to generate a large image (100000000 px) server side, consequently, it takes all internal memory to generate the image.
http://SAP_SERVER:50000/otp_logon_ui_resources/qr?url=aaa&width=100000000&height=100000000
1
|
http://SAP_SERVER:50000/otp_logon_ui_resources/qr?url=aaa&width=100000000&height=100000000
—|—