0day.today - Größte Exploit-Datenbank der Welt.
![](/img/logo_green.jpg)
Wir benutzen eine Hauptdomain DOMAIN_LINK
Wenn Du den Exploit kaufen, oder für einen Service bezahlen möchtest, musst Du Gold kaufen. Wir wollen nicht, dass Du unsere Seite als ein Werkzeug für Aktivitäten wie Hacking verwendest. Illegale Aktionen, die andere Benutzer oder Webseiten betreffen, für die Du keine Zugriffsrechte hast, führen dazu, dass der Account gebannt und alle Daten von diesem unwiderruflich gelöscht werden.
Die Administratoren dieser Seite benutzen nur die offiziellen Kontaktdaten. Achte auf Betrüger!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Lies [ Vereinbarung ]
- Lies [ Senden ] Regeln
- Besuche [ FAQ ] page
- [ Registrieren ] Profil
- Bekommen [ GOLD ]
- Wenn Du möchtest [ Verkaufen ]
- Wenn Du möchtest [ Kaufen ]
- Wenn Du vergessen hast [ Account ]
- Fragen [ [email protected] ]
- Anmeldungsseite
- Registrierungsseite
- Seite für Accountwiederherstellung
- FAQ Seite
- Kontakt
- Regeln für Veröffentlichungen
- Vereinbarungsseite
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal
Autor
Risiko
![](/img/risk/critlow_3.gif)
Security Risk High
]0day-ID
Kategorie
Datum hinzufügen
CVE
Betriebssystem
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2234971 Author: Vahagn Vardanyan (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-012] SAP NetWeaver AS Java directory traversal vulnerability Advisory ID: [ERPSCAN-16-012] Risk: medium Advisory URL: https://erpscan.com/advisories/erpscan-16-012/ Date published: 08.03.2016 Vendors contacted: SAP 2. VULNERABILITY INFORMATION Class: directory traversal Impact: remotely read file from server Remotely Exploitable: Yes Locally Exploitable: No CVE-2016-3976 CVSS Information CVSS Base Score v3: 7.5 / 10 CVSS Base Vector: AV : Attack Vector (Related exploit range) Network (N) AC : Attack Complexity (Required attack complexity) Low (L) PR : Privileges Required (Level of privileges needed to exploit) None (N) UI : User Interaction (Required user participation) None (N) S : Scope (Change in scope due to impact caused to components beyond the vulnerable component) Changed (C) C : Impact to Confidentiality Low (L) I : Impact to Integrity None (N) A : Impact to Availability None (N) 3. VULNERABILITY DESCRIPTION An authorized attacker can use a special request to read files from the server and then escalate his or her privileges. 4. VULNERABLE PACKAGES SAP NetWeaver AS JAVA 7.1 - 7.5 Other versions are probably affected too, but they were not checked. 5. SOLUTIONS AND WORKAROUNDS To correct this vulnerability, install SAP Security Note 2234971 6. AUTHOR Vahagn Vardanyan (ERPScan) 7. TECHNICAL DESCRIPTION An attacker can use an SAP NetWeaver function CrashFileDownloadServlet to read files from the server. PoC GET /XXX/CrashFileDownloadServlet?fileName=..\security\data\SecStore.key Disclaimer: According to the partnership agreement between ERPScan and SAP, our company is not entitled to publish any detailed information about detected vulnerabilities before SAP releases a patch. After the release, SAP suggests respecting an implementation time of three months and asks security researchers to not to reveal any details during this time. However, In this case, the vulnerability allows an attacker to read arbitrary files on a remote server, possibly disclosing confidential information, and many such services are exposed to the Internet. As responsible security researchers, ERPScan team made a decision not to disseminate the full PoC even after the specified time. 8. REPORT TIMELINE Send: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 9. REFERENCES https://erpscan.com/advisories/erpscan-16-012/ # 0day.today [2024-07-02] #