CVE-2016-1929

Sažetak

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

Reference

http://seclists.org/fulldisclosure/2016/Apr/59
https://erpscan.io/advisories/erpscan-16-002-sap-hana-log-injection-and-no-size-restriction/
https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/

CVSS

Base:	8.5
Impact:	7.8
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:C

Zadnje važnije ažuriranje

10-12-2018 - 19:29

Objavljeno

20-01-2016 - 16:59