CVE-2006-5784

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Web Application Server
Vendor: CVE Published:; 7 November 2006

Summary

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29982

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/1828

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2006/4318

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Nov 7, 2006
Vulnerability Reserved
Nov 7, 2006