ID CVE-2007-3615
Summary Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:internet_communication_manager:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:7.0.10:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 24774
bugtraq 20070705 Internet Communication Manager Denial Of Service Attack
fulldisc 20070705 Internet Communication Manager Denial Of Service Attack
misc http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/
osvdb 38095
sectrack 1018336
secunia 25964
sreason 2875
vupen ADV-2007-2450
xf sap-icman-dos(35278)
Last major update 15-10-2018 - 21:29
Published 06-07-2007 - 19:30
Last modified 15-10-2018 - 21:29