Description
When trying to visualize a WSDL corresponding to a web service by opening its URL, in certain error situations the returned error message may cause a vulnerability by disclosing file system paths on the server.
Available fix and Supported packages
- ENGINEAPI | 7.10 | 7.11
- ENGINEAPI | 7.20 | 7.20
- SAP-JEE | 6.40 | 6.40
- SAP-JEE | 7.00 | 7.02
- ENGINEAPI 7.10 | SP008 | 000008
- ENGINEAPI 7.10 | SP009 | 000007
- ENGINEAPI 7.10 | SP010 | 000005
- ENGINEAPI 7.10 | SP011 | 000000
- ENGINEAPI 7.11 | SP003 | 000009
- ENGINEAPI 7.11 | SP004 | 000010
- ENGINEAPI 7.11 | SP005 | 000006
- ENGINEAPI 7.11 | SP006 | 000000
- ENGINEAPI 7.20 | SP001 | 000006
- ENGINEAPI 7.20 | SP002 | 000008
- ENGINEAPI 7.20 | SP003 | 000005
- ENGINEAPI 7.20 | SP004 | 000000
- SAP J2EE ENGINE 6.40 | SP025 | 000009
- SAP J2EE ENGINE 6.40 | SP026 | 000007
- SAP J2EE ENGINE 6.40 | SP027 | 000000
- SAP J2EE ENGINE 7.00 | SP019 | 000009
- SAP J2EE ENGINE 7.00 | SP020 | 000009
- SAP J2EE ENGINE 7.00 | SP021 | 000010
- SAP J2EE ENGINE 7.00 | SP022 | 000005
- SAP J2EE ENGINE 7.00 | SP023 | 000000
Affected component
- BC-ESI-WS-JAV-RT
Runtime
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1461268
