OSVDB ID: 3084

Title: SAP DB waecho Service Long HTTP Request Overflow

Dates

Disclosure: Nov 17, 2003
Discovery: Nov 17, 2003
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in SAP DB version 7.4.03.30 (and earlier). By default, the web-tools installation is vulnerable to a buffer overflow in the waecho service. By sending a long HTTP request to the waecho service, a remote attacker could overflow a buffer and execute arbitrary code on the system.

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity

Solution

Upgrade to version 7.4.03.30 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

SAP AG

SAP DB

7.4.03.27

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/3084