Skip links

Potential denial of service in http provider of Web AS Java, SAP security note 1562064

Description

A malicious user can remotely exploit http service on dispatcher process on Web AS Java (J2EE), rendering it, and potentially the resources that are used to serve the dispatcher process, unavailable.

Available fix and Supported packages

  • SAP-JEE | 6.40 | 6.40
  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 6.40 | 6.40
  • SAP-JEECOR | 7.01 | 7.02
  • SAP J2EE ENGINE 6.40 | SP024 | 000010
  • SAP J2EE ENGINE 6.40 | SP025 | 000015
  • SAP J2EE ENGINE 6.40 | SP026 | 000013
  • SAP J2EE ENGINE 6.40 | SP027 | 000007
  • SAP J2EE ENGINE 6.40 | SP028 | 000000
  • SAP J2EE ENGINE CORE 6.40 | SP028 | 000000
  • SAP J2EE ENGINE CORE 7.00 | SP020 | 000022
  • SAP J2EE ENGINE CORE 7.00 | SP021 | 000018
  • SAP J2EE ENGINE CORE 7.00 | SP022 | 000008
  • SAP J2EE ENGINE CORE 7.00 | SP023 | 000005
  • SAP J2EE ENGINE CORE 7.00 | SP024 | 000001
  • SAP J2EE ENGINE CORE 7.00 | SP025 | 000000
  • SAP J2EE ENGINE CORE 7.01 | SP005 | 000023
  • SAP J2EE ENGINE CORE 7.01 | SP006 | 000024
  • SAP J2EE ENGINE CORE 7.01 | SP007 | 000013
  • SAP J2EE ENGINE CORE 7.01 | SP008 | 000004
  • SAP J2EE ENGINE CORE 7.01 | SP009 | 000001
  • SAP J2EE ENGINE CORE 7.01 | SP010 | 000000
  • SAP J2EE ENGINE CORE 7.02 | SP003 | 000017
  • SAP J2EE ENGINE CORE 7.02 | SP004 | 000010

Affected component

    BC-JAS-WEB
    Web Container, HTTP, JavaMail, Servlets

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1562064

TAGS

#DoS
#denial-of-service
#http-service
#connection-leak