SAP NetWeaver Message Server – DoS

Type: erpscan
Reporter: ERPScan
Modified: 2013-10-07T00:00:00


Application: SAP NetWeaver Message Server
Versions Affected: SAP KERNEL 7.20 32BIT
Vendor URL:
Bugs: Improper Input Validation
Exploits: PoC
Reported: 10.07.2013
Vendor response: 11.07.2013
Date of Public Advisory: 25.01.2014
Reference: SAP Security Note 1773912
Author: George Nosenko (ERPScan)

A remote attacker can conduct a denial of service attack against SAP Message Server, or affect its control flow, without authorization.

Business Risk
An attacker can exploit a denial of service vulnerability to terminate the process of the vulnerable component. As a result, nobody can use this service, which negatively affects business processes. System downtime also harms business reputation.

