Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Detailed error messages with stack trace in Web Dynpro, SAP security note 962319

Description

UPDATE 23rd April 2019: This note has been re-released with updated ‘Validity’ and ‘Solution’ information. Additionally, CVSS information is also made available.

The error messages raised by Web Dynpro for Java, part of SAP NetWeaver, don’t have the required level of detail.

Available fix and Supported packages

  • SAP_JTECHS | 6.40 | 6.40
  • SAP_JTECHS | 7.00 | 7.00
  • SAP_JTECHF | 7.00 | 7.00
  • SAP_JTECHF | 6.40 | 6.40
  • WD-RUNTIME | 7.10 | 7.11
  • WD-RUNTIME | 7.20 | 7.20
  • WD-RUNTIME | 7.30 | 7.30
  • WD-RUNTIME | 7.31 | 7.31
  • WD-RUNTIME | 7.40 | 7.40
  • WD-RUNTIME | 7.50 | 7.50
  • FRAMEWORK | 7.10 | 7.11
  • FRAMEWORK | 7.20 | 7.20
  • FRAMEWORK | 7.30 | 7.30
  • FRAMEWORK | 7.31 | 7.31
  • FRAMEWORK | 7.40 | 7.40
  • FRAMEWORK | 7.50 | 7.50

Affected component

    BC-WD-JAV-RUN
    Web Dynpro Java Runtime

CVSS

Score: 5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/962319

TAGS

#Web-Dynpro
#WebDynpro
#Java
#All-NetWeaver-Realeases
#stack-trace
#stacktrace
#error-page
#error-message
#500-Internal-Server-Error

Explore More

RedRays AI for ABAP Code Security

Empowering Secure, Efficient, and Compliant SAP ABAP Development—in Real Time and Without Data Retention In today’s rapidly evolving business landscape, organizations increasingly

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.