CVE-2021-33670
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.10 | affected |
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.11 | affected |
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.20 | affected |
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.30 | affected |
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.31 | affected |
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.40 | affected |
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.50 | affected |
Weaknesses
- Denial of Service
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
- https://launchpad.support.sap.com/#/notes/3056652
- http://seclists.org/fulldisclosure/2022/May/4
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
- https://launchpad.support.sap.com/#/notes/3056652
- http://seclists.org/fulldisclosure/2022/May/4
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.