CVE-2016-4014
SAP NetWeaver AS JAVA 7.4 XXE Injection
Public Exploits: 3
Exploited in Wild: -
Descriptions
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack. SAP NetWeaver AS JAVA version 7.4 is affected.
Timeline
- 2016-04-14 CVE Reserved
- 2016-04-14 CVE Published
- 2020-08-13 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (5)
URL | Tag | Source |
---|---|---|
https://erpscan.io/advisories/erpscan-16-020-sap-netweaver-java-uddi-component-xxe-vulnerability | X_refsource_misc | |
https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016 | X_refsource_misc | |
URL | Date | SRC |
---|---|---|
https://github.com/murataydemir/CVE-2016-4014 | 2020-08-13 | |
http://packetstormsecurity.com/files/137919/SAP-NetWeaver-AS-JAVA-7.4-XXE-Injection.html | 2024-08-06 | |
http://seclists.org/fulldisclosure/2016/Jul/45 | 2024-08-06 | |