CVE-2016-9562 - SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer excepti

CVE-2016-9562

Summary

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

References

http://www.securityfocus.com/bid/92418
http://www.securityfocus.com/bid/95363
https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability/

Vulnerable Configurations

cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-04-2021 - 19:42)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	92418 95363
misc	https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability/

Last major update

20-04-2021 - 19:42

Published

23-11-2016 - 02:59

Last modified

20-04-2021 - 19:42