7.5

CVE-2007-3614

Exploit
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPSap Db Version7.3.00
SAPSap Db Version7.3.29
SAPSap Db Version7.4
SAPSap Db Version7.4.3
SAPSap Db Version7.4.3.7_beta
SAPSap Db Version7.4.03.29
SAPSap Db Version7.4.03.30
SAPSap Db Version7.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 70% 0.993
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/37838
http://secunia.com/advisories/25954
http://securityreason.com/securityalert/2867
http://www.kb.cert.org/vuls/id/679041
US Government Resource
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-db-web-server-stack-overflow/
http://www.securityfocus.com/archive/1/472891/100/0/threaded
http://www.securityfocus.com/bid/24773
Patch
Exploit
http://www.securitytracker.com/id?1018341
http://www.vupen.com/english/advisories/2007/2453
https://exchange.xforce.ibmcloud.com/vulnerabilities/35277