Skip links

J2EE Security vulnerability by unprotected HTTP PUT method, SAP security note 604285

Description

By default there are no restrictions for the HTTP PUT method.
Also, authentication is not required if you try to upload a file.

Available fix and Supported packages

  • SAP-JEE | 6.20 | 6.20

Affected component

    BC-JAS-WEB
    Web Container, HTTP, JavaMail, Servlets

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/604285

TAGS

#J2EE
#PUT