CVE-2021-33670

Summary

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS for Java (Http Service)< 7.10affected
SAP SESAP NetWeaver AS for Java (Http Service)< 7.11affected
SAP SESAP NetWeaver AS for Java (Http Service)< 7.20affected
SAP SESAP NetWeaver AS for Java (Http Service)< 7.30affected
SAP SESAP NetWeaver AS for Java (Http Service)< 7.31affected
SAP SESAP NetWeaver AS for Java (Http Service)< 7.40affected
SAP SESAP NetWeaver AS for Java (Http Service)< 7.50affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References