ID CVE-2007-3614
Summary Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
References
Vulnerable Configurations
  • cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_db:7.3.29:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_db:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_db:7.4.3.7_beta:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.4.3.7_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_db:7.4.03.29:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.4.03.29:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_db:7.4.03.30:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.4.03.30:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_db:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_db:7.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 24773
bugtraq 20070705 SAP DB Web Server Stack Overflow
cert-vn VU#679041
misc http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-db-web-server-stack-overflow/
osvdb 37838
sectrack 1018341
secunia 25954
sreason 2867
vupen ADV-2007-2453
xf sapdb-wahttp-bo(35277)
Last major update 15-10-2018 - 21:29
Published 06-07-2007 - 19:30
Last modified 15-10-2018 - 21:29
Back to Top