Denial of Service Vulnerability in SAP Message Server by SAP SE
CVE-2017-5997

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Kernel
Vendor: CVE Published:; 15 February 2017

What is CVE-2017-5997?

The vulnerability in the SAP Message Server HTTP daemon within the SAP KERNEL versions 7.21 through 7.49 allows an attacker to exploit crafted requests targeting the 'group' parameter. By sending multiple requests with specific sizes of the 'group' parameter, an attacker can trigger excessive memory consumption, ultimately leading to a denial of service condition where the server processes may crash. This can disrupt service availability and impact the organization’s operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://erpscan.io/advisories/erpscan-16-038-sap-message-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2017
Vulnerability Reserved
Feb 15, 2017

JSON

SAP

What is CVE-2017-5997?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.