Denial of Service in SAP NetWeaver Application Server by Internet Communication Manager
CVE-2007-3615

Currently unrated

Key Information:

Vendor: SAP
Status: Internet Communication Manager; SAP Web Application Server
Vendor: CVE Published:; 6 July 2007

What is CVE-2007-3615?

The Internet Communication Manager (ICM) in SAP NetWeaver Application Server versions 6.x and 7.x on Windows allows remote attackers to trigger a denial of service, resulting in a crash of the process. This occurs through the exploitation of a specific vulnerability where a crafted URI containing a 'sap-isc-key' parameter causes instability in the web cache configuration, making the server unresponsive to legitimate requests.

References

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/35278

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/472890/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2007
Vulnerability Reserved
Jul 6, 2007