Lucene search
PRIOn knowledge basePRION:CVE-2016-3974HistoryApr 07, 2016 - 7:59 p.m.
Xxe
2016-04-0719:59:00
PRIOn knowledge base
www.prio-n.com
5
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
| CPE | Name | Operator | Version |
|---|---|---|---|
| netweaver_application_server_java | ge | 7.10 | |
| netweaver_application_server_java | le | 7.50 |
References
Related
packetstorm
packetstorm
SAP NetWeaver AS JAVA 7.5 XXE Injection
2016-06-17 00:00:00
erpscan
erpscan
SAP NetWeaver Java AS ctcprotocol servlet - XXE vulnerability
2015-10-20 00:00:00
cve
cve
CVE-2016-3974
2016-04-07 19:59:05
zdt
zdt
SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE
2016-06-21 00:00:00
cvelist
cvelist
CVE-2016-3974
2016-04-07 19:00:00
nvd
nvd
CVE-2016-3974
2016-04-07 19:59:05
exploitpack
exploitpack
SAP NetWeaver AS JAVA 7.1 7.5 - ctcprotocol Servlet XML External Entity
2016-06-21 00:00:00
exploitdb
exploitdb
openvas
openvas
SAP NetWeaver AS Java Multiple Vulnerabilities (2235994, 2234971, 2238375)
2016-06-21 00:00:00