Skip links
RedRays - Your SAP Security Solution
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

Detailed error messages with stack trace in Web Dynpro, SAP security note 962319

Description

UPDATE 23rd April 2019: This note has been re-released with updated ‘Validity’ and ‘Solution’ information. Additionally, CVSS information is also made available.

The error messages raised by Web Dynpro for Java, part of SAP NetWeaver, don’t have the required level of detail.

Available fix and Supported packages

  • SAP_JTECHS | 6.40 | 6.40
  • SAP_JTECHS | 7.00 | 7.00
  • SAP_JTECHF | 7.00 | 7.00
  • SAP_JTECHF | 6.40 | 6.40
  • WD-RUNTIME | 7.10 | 7.11
  • WD-RUNTIME | 7.20 | 7.20
  • WD-RUNTIME | 7.30 | 7.30
  • WD-RUNTIME | 7.31 | 7.31
  • WD-RUNTIME | 7.40 | 7.40
  • WD-RUNTIME | 7.50 | 7.50
  • FRAMEWORK | 7.10 | 7.11
  • FRAMEWORK | 7.20 | 7.20
  • FRAMEWORK | 7.30 | 7.30
  • FRAMEWORK | 7.31 | 7.31
  • FRAMEWORK | 7.40 | 7.40
  • FRAMEWORK | 7.50 | 7.50

Affected component

    BC-WD-JAV-RUN
    Web Dynpro Java Runtime

CVSS

Score: 5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/962319

TAGS

#Web-Dynpro
#WebDynpro
#Java
#All-NetWeaver-Realeases
#stack-trace
#stacktrace
#error-page
#error-message
#500-Internal-Server-Error

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN