Description
An attacker can discover information related to SAP NetWeaver (NW) Application Server (AS) Java when using SSL 3.0 protocol.
Such information could allow the attacker to specialize attacks against AS Java.
As reported in CVE-2014-3566, a so called man-in-the-middle attack is possible, even if the newer protocol version TLS 1.0 is turned on or configured in addition to SSLv3.
Available fix and Supported packages
- SAP-JEECOR | 7.00 | 7.00
- SAP-JEECOR | 7.01 | 7.02
- SAP J2EE ENGINE CORE 7.00 | SP026 | 000031
- SAP J2EE ENGINE CORE 7.00 | SP027 | 000021
- SAP J2EE ENGINE CORE 7.00 | SP028 | 000018
- SAP J2EE ENGINE CORE 7.00 | SP029 | 000011
- SAP J2EE ENGINE CORE 7.00 | SP030 | 000011
- SAP J2EE ENGINE CORE 7.00 | SP031 | 000011
- SAP J2EE ENGINE CORE 7.00 | SP032 | 000000
- SAP J2EE ENGINE CORE 7.01 | SP011 | 000035
- SAP J2EE ENGINE CORE 7.01 | SP012 | 000028
- SAP J2EE ENGINE CORE 7.01 | SP013 | 000015
- SAP J2EE ENGINE CORE 7.01 | SP014 | 000016
- SAP J2EE ENGINE CORE 7.01 | SP015 | 000012
- SAP J2EE ENGINE CORE 7.01 | SP016 | 000010
- SAP J2EE ENGINE CORE 7.01 | SP017 | 000000
- SAP J2EE ENGINE CORE 7.02 | SP010 | 000030
- SAP J2EE ENGINE CORE 7.02 | SP011 | 000037
- SAP J2EE ENGINE CORE 7.02 | SP012 | 000030
- SAP J2EE ENGINE CORE 7.02 | SP013 | 000018
- SAP J2EE ENGINE CORE 7.02 | SP014 | 000020
- SAP J2EE ENGINE CORE 7.02 | SP015 | 000015
Affected component
- BC-JAS-SEC-CPG
Cryptography
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2094598
