Description
A malicious user can remotely exploit http service on dispatcher process on Web AS Java (J2EE), rendering it, and potentially the resources that are used to serve the dispatcher process, unavailable.
Available fix and Supported packages
- SAP-JEE | 6.40 | 6.40
- SAP-JEECOR | 7.00 | 7.00
- SAP-JEECOR | 6.40 | 6.40
- SAP-JEECOR | 7.01 | 7.02
- SAP J2EE ENGINE 6.40 | SP024 | 000010
- SAP J2EE ENGINE 6.40 | SP025 | 000015
- SAP J2EE ENGINE 6.40 | SP026 | 000013
- SAP J2EE ENGINE 6.40 | SP027 | 000007
- SAP J2EE ENGINE 6.40 | SP028 | 000000
- SAP J2EE ENGINE CORE 6.40 | SP028 | 000000
- SAP J2EE ENGINE CORE 7.00 | SP020 | 000022
- SAP J2EE ENGINE CORE 7.00 | SP021 | 000018
- SAP J2EE ENGINE CORE 7.00 | SP022 | 000008
- SAP J2EE ENGINE CORE 7.00 | SP023 | 000005
- SAP J2EE ENGINE CORE 7.00 | SP024 | 000001
- SAP J2EE ENGINE CORE 7.00 | SP025 | 000000
- SAP J2EE ENGINE CORE 7.01 | SP005 | 000023
- SAP J2EE ENGINE CORE 7.01 | SP006 | 000024
- SAP J2EE ENGINE CORE 7.01 | SP007 | 000013
- SAP J2EE ENGINE CORE 7.01 | SP008 | 000004
- SAP J2EE ENGINE CORE 7.01 | SP009 | 000001
- SAP J2EE ENGINE CORE 7.01 | SP010 | 000000
- SAP J2EE ENGINE CORE 7.02 | SP003 | 000017
- SAP J2EE ENGINE CORE 7.02 | SP004 | 000010
Affected component
- BC-JAS-WEB
Web Container, HTTP, JavaMail, Servlets
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1562064
