Denial of Service Vulnerability in SAP Message Server by SAP SE
CVE-2017-5997

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Kernel
Vendor: CVE Published:; 15 February 2017

Summary

The vulnerability in the SAP Message Server HTTP daemon within the SAP KERNEL versions 7.21 through 7.49 allows an attacker to exploit crafted requests targeting the 'group' parameter. By sending multiple requests with specific sizes of the 'group' parameter, an attacker can trigger excessive memory consumption, ultimately leading to a denial of service condition where the server processes may crash. This can disrupt service availability and impact the organization’s operations.

References

https://erpscan.io/advisories/erpscan-16-038-sap-message-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2017
Vulnerability Reserved
Feb 15, 2017