Overview
The SAP Web Server contains a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Description
SAP DB is a database server that includes a series of web-based configuration tools. A stack-based buffer overflow exists in the SAP DB web server (WAHTTP.exe). Note that this vulnerability only affects the web server that is included with the SAP DB server. Systems hosting the SAP web tools on a different web server are not affected by this vulnerability.
Impact
An attacker may be able to execute arbitrary code, or create a denial-of-service condition.
Solution
Upgrade
References
- http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-db-web-server-stack-overflow/
- http://www.securityfocus.com/bid/24773
- http://www.frsirt.com/english/advisories/2007/2453
- http://www.securitytracker.com/id?1018341
- http://secunia.com/advisories/25954
- http://xforce.iss.net/xforce/xfdb/35277
Acknowledgements
Thanks to Mark Litchfield of NGS software for information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: CVE-2007-3614
- Severity Metric: 2.98
- Date Public: 2007-07-05
- Date First Published: 2007-07-10
- Date Last Updated: 2007-07-16 15:18 UTC
- Document Revision: 9