CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2009-4603
https://notcve.org/view.php?id=CVE-2009-4603
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. vulnerabilidad inespecífica en sapstartsrv.exe en el kernel SAP v6.40, v7.00, v7.01, v7.10, v7.11, y v7.20, tal y como se utiliza en SAP NetWeaver v7.x y SAP Web Application Server v6.x y v7.x, permite a atacantes remotos producir una denegación de servicio (apagado de la consola de administración) a través de una petición manipulada. • http://secunia.com/advisories/37684 http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf http://www.securityfocus.com/bid/37286 http://www.securitytracker.com/id?1023319 https://service.sap.com/sap/support/notes/1302231 •
CVSS: 7.8EPSS: 4%CPEs: 7EXPL: 0CVE-2007-3615
https://notcve.org/view.php?id=CVE-2007-3615
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. El Internet Communication Manager (también conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente sólo bajo Windows, permite a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de un URI de cierta longitud que contenga el parámetro sap-isc-key, relacionado con la configuración del caché de la web. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html http://osvdb.org/38095 http://secunia.com/advisories/25964 http://securityreason.com/securityalert/2875 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos http://www.securityfocus.com/archive/1/472890/100/0/threaded http://www.securityfocus.com/bid/24774 http://www.securitytracker.com/id?1018336 http://www.vupen.com/english/advisories/2007/2450 https://exchange.xforce.ibmc •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6011
https://notcve.org/view.php?id=CVE-2006-6011
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. Vulnerabilidad no especificada en SAP Web Application Server anterior a 6.40 patch 6 permite a atacantes remotos provocar una denegación de servicio (cierre de enserver.exe) mediante un determinado paquete UDP enviado al puerto 64999, también conocido como "caída UDP de dos bytes"(o "two bytes UDP crash"), una vulnerabilidad distinta de CVE-2006-5785. • http://securityreason.com/securityalert/1889 http://www.securityfocus.com/archive/1/451378/100/0/threaded •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1CVE-2006-5784 – SAP Web Application Server 6.40 - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2006-5784
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos leer ficheros de su elección mediante vectores no especificados. NOTA: este asunto puede ser aprovechado por usuarios locales para acceder a una tubería con nombre como usuario SAPServiceJ2E. • https://www.exploit-db.com/exploits/3291 http://secunia.com/advisories/22677 http://securityreason.com/securityalert/1828 http://www.securityfocus.com/archive/1/450394/100/0/threaded http://www.securityfocus.com/archive/1/459499/100/0/threaded http://www.securityfocus.com/bid/20877 http://www.securitytracker.com/id?1017628 http://www.vupen.com/english/advisories/2006/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/29982 •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2006-5785
https://notcve.org/view.php?id=CVE-2006-5785
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos provocar una denegación de servicio (caída enserver.exe) mediante vectores no especificados. • http://secunia.com/advisories/22677 http://securityreason.com/securityalert/1828 http://www.securityfocus.com/archive/1/450394/100/0/threaded http://www.securityfocus.com/archive/1/459499/100/0/threaded http://www.securityfocus.com/bid/20873 http://www.securitytracker.com/id?1017628 http://www.vupen.com/english/advisories/2006/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/29981 •