Description
An attacker can discover information related to SAP NetWeaver (NW) Application Server (AS) Java when using SSL 3.0 protocol.
Such information could allow the attacker to specialize attacks against AS Java.
As reported in CVE-2014-3566, a so called man-in-the-middle attack is possible, even if the newer protocol version TLS 1.0 is turned on or configured in addition to SSLv3.
Available fix and Supported packages
- SAP-JEECOR | 7.00 | 7.00
- SAP-JEECOR | 7.01 | 7.02
- SAP J2EE ENGINE CORE 7.00 | SP026 | 000031
- SAP J2EE ENGINE CORE 7.00 | SP027 | 000021
- SAP J2EE ENGINE CORE 7.00 | SP028 | 000018
- SAP J2EE ENGINE CORE 7.00 | SP029 | 000011
- SAP J2EE ENGINE CORE 7.00 | SP030 | 000011
- SAP J2EE ENGINE CORE 7.00 | SP031 | 000011
- SAP J2EE ENGINE CORE 7.00 | SP032 | 000000
- SAP J2EE ENGINE CORE 7.01 | SP011 | 000035
- SAP J2EE ENGINE CORE 7.01 | SP012 | 000028
- SAP J2EE ENGINE CORE 7.01 | SP013 | 000015
- SAP J2EE ENGINE CORE 7.01 | SP014 | 000016
- SAP J2EE ENGINE CORE 7.01 | SP015 | 000012
- SAP J2EE ENGINE CORE 7.01 | SP016 | 000010
- SAP J2EE ENGINE CORE 7.01 | SP017 | 000000
- SAP J2EE ENGINE CORE 7.02 | SP010 | 000030
- SAP J2EE ENGINE CORE 7.02 | SP011 | 000037
- SAP J2EE ENGINE CORE 7.02 | SP012 | 000030
- SAP J2EE ENGINE CORE 7.02 | SP013 | 000018
- SAP J2EE ENGINE CORE 7.02 | SP014 | 000020
- SAP J2EE ENGINE CORE 7.02 | SP015 | 000015
Affected component
- BC-JAS-SEC-CPG
Cryptography
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/2094598