CVE-2021-33670

Sažetak

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
https://launchpad.support.sap.com/#/notes/3056652
http://seclists.org/fulldisclosure/2022/May/4
http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

12-05-2022 - 20:15

Objavljeno

14-07-2021 - 12:15