Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.0 metamodel repository
Vendor URL: <http://sap.com>
Bugs: Denial of service
Vendor response: 15.02.2010
Date of Public Advisory: 09.11.2010
Author: Alexandr Polyakov
SAP Netweaver Metamodel Repository can be accessed without authentication by default in the old versions of SAP ECC.
A remote attacker can send a malicious packet to SAP NetWeaver server via the Internet or inside a company and conduct a denial of service attack by resource exhaustion. This will stop server and all business processes running on it. It can lead to monetary and reputation loss.