[ERPSCAN-14-001] SAP NetWeaver Message Server – DoS

DSECRG Advisories

Application: SAP NetWeaver Message Server
Versions Affected: SAP KERNEL 7.20 32BIT
Vendor URL: http://www.sap.com
Bugs: Improper Input Validation
Exploits: PoC
Reported: 10.07.2013
Vendor response: 11.07.2013
Date of Public Advisory: 25.01.2014
Reference: SAP Security Note 1773912
Author: George Nosenko (ERPScan)

A remote attacker can conduct a denial of service attack against SAP Message Server, or affect its control flow, without authorization.

Business Risk
An attacker can exploit the denial of service vulnerability to terminate the process of the vulnerable component. As a result, the service becomes unavailable to all users, which disrupts business processes. System downtime also harms business reputation.


To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: