Vigil@nce - SAP NetWeaver HTTPd: denial of service via POST
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious POST query to SAP NetWeaver
HTTPd, in order to trigger a denial of service.
Impacted products: SAP ERP, NetWeaver
Severity: 2/4
Creation date: 24/10/2014
DESCRIPTION OF THE VULNERABILITY
The SAP NetWeaver product has an HTTPd service.
However, when a partial HTTP POST query is received, a fatal error
occurs.
An attacker can therefore send a malicious POST query to SAP
NetWeaver HTTPd, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SAP-NetWeaver-HTTPd-denial-of-service-via-POST-15536