CVE-2013-1593
SAP Netweaver Message Server Buffer Overflow
Public Exploits: 2
Exploited in Wild: -
Descriptions
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
Core Security Technologies Advisory - Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (NN being the SAP system number) of a host running the 'Message Server' service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.
Timeline
- 2013-02-04 CVE Reserved
- 2013-02-15 CVE Published
- 2013-02-15 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-129: Improper Validation of Array Index
References (6)
URL | Tag | Source
---|---|---
http://www.securityfocus.com/bid/57956 | Third Party Advisory |
http://www.securitytracker.com/id/1028148 | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/82065 | Third Party Advisory |
https://packetstormsecurity.com/files/cve/CVE-2013-1593 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://packetstorm.news/files/id/120350 | 2013-02-15 |
https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Sap | Netweaver | 7.01 | sr1 | Affected
Sap | Netweaver | 7.02 | sp06 | Affected
Sap | Netweaver | 7.30 | sp04 | Affected
Sap | Netweaver | 2004s | - | Affected