OSVDB ID: 99839

Title: SAP Products Internet Sales (CRM-ISA) Component isa_relogin Cookie Manipulation Client-side DoS Weakness

Dates

Disclosure: May 08, 2012
Discovery: Jun 29, 2011
Exploit: Unknown
Solution: May 08, 2012

Description

Multiple SAP products contain a flaw in the Internet Sales (CRM-ISA) component that is triggered when processing the 'isa_relogin' cookie value. With a specially crafted request, a context-dependent attacker can trigger a runtime error that prevents the specific client from connecting.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified
OSVDB: Web Related, Not a Vulnerability

Solution

This issue has reportedly been fixed. Users seeking the fix should consult the SAP note (vendor solution) listed in the references.

Products

SAP AG

Internet Sales (CRM-ISA)

Unspecified

CRM Java Applications (SAP-CRMAPP)

7.0
7.02
7.31
5.0
7.01
7.3
7.32
6.0

Shared Java Applications (SAP-SHRAPP)

7.0
7.02
7.31
5.0
7.01
7.3
7.32
6.0

CRM Java Components (SAP-CRMJAV)

7.0
7.02
7.31
5.0
7.01
7.3
7.32
6.0

CRM Java Web Components (SAP-CRMWEB)

7.0
7.02
7.31
5.0
7.01
7.3
7.32
6.0

Shared Web Components (SAP-SHRWEB)

7.0
7.02
7.31
5.0
7.01
7.3
7.32
6.0

Shared Java Components (SAP-SHRJAV)

7.0
7.02
7.31
5.0
7.01
7.3
7.32
6.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/99839