ID

VAR-E-201208-0143


TITLE

SAP Netweaver 'SAPHostControl' Service Remote Code Execution Vulnerability

Trust: 0.3

sources: BID: 55084

DESCRIPTION

SAP Netweaver is prone to a remote code-execution vulnerability.
An attacker may leverage this issue to execute arbitrary script code with administrator user rights in the context of the affected application. This may allow an attacker to take complete control of the system.
SAP NetWeaver 7.02 is vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 55084

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: eq, version: 7.02

Trust: 0.3

sources: BID: 55084

EXPLOIT

An attacker can use a web browser to exploit this issue.
An exploit is available. Please see the references for information.
The following Metasploit exploit modules are available:
/data/vulnerabilities/exploits/55084.rb.txt
/data/vulnerabilities/exploits/55084_1.rb
/data/vulnerabilities/exploits/55084_2.rb

Trust: 0.3

sources: BID: 55084

PRICE

Free

Trust: 0.3

sources: BID: 55084

TYPE

Design Error

Trust: 0.3

sources: BID: 55084

CREDITS

Michael Jordon, Context Information Security

Trust: 0.3

sources: BID: 55084

EXTERNAL IDS

db: BID, id: 55084

Trust: 0.3

sources: BID: 55084

REFERENCES

url: http://www.sap.com/platform/netweaver/index.epx

Trust: 0.3

sources: BID: 55084

SOURCES

db: BID, id: 55084

LAST UPDATE DATE

2022-07-27T09:30:20.257000+00:00


SOURCES UPDATE DATE

db: BID, id: 55084, date: 2013-05-10T11:52:00

SOURCES RELEASE DATE

db: BID, id: 55084, date: 2012-08-16T00:00:00