|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2875 CVE : CVE-2007-3615 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : No Credit : NGSSoftware Published : 14.07.2007
Advisory Text : ======= Summary ======= Name: Internet Communication Manager Denial Of Service Attack Release Date: 5 July 2007 Reference: NGS00484 Discover: Mark Litchfield <mark (at) ngssoftware (dot) com [email concealed]> Vendor: SAP Vendor Reference: SECRES-287 Systems Affected: Confirmed on Windows (unconfirmed on *NIX) Risk: High Status: Fixed ======== TimeLine ======== Discovered: 3 January 2007 Released: 19 January 2007 Approved: 29 January 2007 Reported: 11 January 2007 Fixed: 2 May 2007 Published: =========== Description =========== Internet Communication Manager ensures communication between the SAP Web Application Server with the WWW using the HTTP, HTTPS and SMTP protocols. ICM is part of the SAP Web Application Server and is implemented as an independent process (ICMAN.exe) and is started and monitored by the dispatcher. The Internet Communication Manager also offers the ICM Server Cache as part of its functionality, using the ICM server cache increases performance considerably. The ICM server cache (also known as the Internet Server Cache saves HTTP(S) objects before they are sent back to the requesting client. The next time an object is requested, the application gets the contents directly from the cache before sending it to the client. However, it is possible to configure the Web dispatcher to act as a web cache. For more information visit - http://help.sap.com/saphelp_nw04s/helpdata/en/9f/89e2edfde645fca1636fa84 68d2e74/content.htm. A method by which to determine if the Internet Communication Manager is acting as the web cache, we can make the following request: http://target/foo.gif?sap-isc-key=ngs An error will be returned: 500 Internal Server Error ___________________________________________________________ Error: -15 Version: 7010 Component: HTTP_CACHE Date/Time: xxxxxxxxxxxxxxxx Module: http_cache.c Line: 2640 Server: Target_JP1_01 Error Tag: {-} Detail: Object not found (key='ngs') ================= Technical Details ================= By passing a URI of 264 bytes the ICMAN.exe process terminates. This includes the length of the requested file, the file extension, the ?, the paramter 'sap-isc-key=' and the value. This is an very effective Denial of Service attack within a SAP environment. =============== Fix Information =============== Please ensure you have the latest version NGSSoftware Insight Security Research http://www.ngssoftware.com/ http://www.databasesecurity.com/ http://www.nextgenss.com/ +44(0)208 401 0070  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |