ERPScan advisory ERPSCAN-17-001 (erpscan.io)
Published: Jan 11, 2016
EPSS: 0.003 (Low), percentile 66.3%

SAP AS JAVA DoS in BC-IAM-SSO-OTP package via QR Servlet

Application: SAP AS JAVA SSO Authentication Library
Versions Affected: SAP AS JAVA SSO Authentication Library 2.0-3.0
Vendor URL: SAP
Bugs: DoS
Reported: 01.11.2016
Vendor response: 02.11.2016
Date of Public Advisory: 10.01.2017
Reference: SAP Security Note 2389042
Author: Vahagn Vardanyan (ERPScan)

VULNERABILITY INFORMATION

Class: Denial of service
Impact: direct impact on availability
Remotely Exploitable: yes
Locally Exploitable: no
CVE: CVE-2017-7696

CVSS Information

CVSS Base Score v3: 7.5 / 10
CVSS Base Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV: Attack Vector (related exploit range): Network (N)
AC: Attack Complexity (required attack complexity): Low (L)
PR: Privileges Required (level of privileges needed to exploit): None (N)
UI: User Interaction (required user participation): None (N)
S: Scope (change in scope due to impact on components beyond the vulnerable component): Unchanged (U)
C: Impact to Confidentiality: None (N)
I: Impact to Integrity: None (N)
A: Impact to Availability: High (H)

Description

A single crafted HTTP request makes the server attempt to generate a very large image server side. Rendering it takes a long time and consumes a large amount of memory, so the component stops serving other requests.

Business risk

An attacker can use this Denial of Service vulnerability to exhaust the resources of, or crash, the vulnerable component. While it is down, nobody can use the service. The resulting system downtime disrupts business processes and damages the organization's reputation.

VULNERABLE PACKAGES

SSO AUTHENTICATION LIBRARY 2.0
SSO AUTHENTICATION LIBRARY 3.0

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2389042.

TECHNICAL DESCRIPTION

The QR servlet takes the image dimensions directly from the client-supplied width and height query parameters without bounding them. A request that asks for a 100000000 x 100000000 pixel image makes the server try to allocate and render that raster, which exhausts the available memory of the Java server process.
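To make the failure mode concrete, the following Python model of the servlet's parameter handling is an added example for this page, not SAP's code. It contrasts the vulnerable pattern (size trusted from the request) with a hardened one (per-side bounds checked before any allocation). The function names, the 4-byte ARGB estimate and the 1000 px limit are assumptions; the memory figure is only computed, never actually allocated.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): a 32-bit ARGB raster (4 bytes per
# pixel) and a 1000 px upper bound per side, which is ample for a QR code.
BYTES_PER_PIXEL = 4
MAX_SIDE_PX = 1000

# The PoC URL from the advisory, used as sample input.
POC = "http://SAP_SERVER:50000/otp_logon_ui_resources/qr?url=aaa&width=100000000&height=100000000"


def qr_params(url: str) -> dict:
    """Extract the query parameters the way the servlet would see them."""
    q = parse_qs(urlsplit(url).query)
    return {k: v[0] for k, v in q.items()}


def raster_bytes_unchecked(width: int, height: int) -> int:
    """Vulnerable pattern: the client-supplied size is trusted, so the caller
    would go on to allocate width*height*4 bytes (here only computed)."""
    return width * height * BYTES_PER_PIXEL


def raster_bytes_checked(width: int, height: int) -> int:
    """Hardened pattern: reject out-of-range sides before allocating anything.
    Each side is checked separately; checking the product width*height would
    be unsafe in a language with fixed-width integers, where it can overflow."""
    if not (1 <= width <= MAX_SIDE_PX and 1 <= height <= MAX_SIDE_PX):
        raise ValueError(f"image size {width}x{height} exceeds {MAX_SIDE_PX}px per side")
    return width * height * BYTES_PER_PIXEL


def handle(url: str, hardened: bool) -> tuple:
    """Return (http_status, bytes_the_handler_would_allocate) for a request.
    Missing width/height default to 256 px (an assumption for this example)."""
    p = qr_params(url)
    try:
        w, h = int(p.get("width", 256)), int(p.get("height", 256))
    except ValueError:
        return 400, 0
    if hardened:
        try:
            return 200, raster_bytes_checked(w, h)
        except ValueError:
            return 400, 0
    return 200, raster_bytes_unchecked(w, h)


if __name__ == "__main__":
    print("vulnerable:", handle(POC, hardened=False))  # 4e16 bytes requested
    print("hardened:  ", handle(POC, hardened=True))   # rejected with 400
```

The unchecked handler would ask for 4 x 10^16 bytes for the PoC request, far beyond any Java heap, which is exactly the memory exhaustion the advisory describes; the hardened handler answers 400 before touching memory.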

PoC

http://SAP_SERVER:50000/otp_logon_ui_resources/qr?url=aaa&width=100000000&height=100000000
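Sending the PoC against a production system will take it down, so the practical check is to look for this request pattern in the web server's access logs. The following detector is an added example written for this page, not an ERPScan or SAP tool; the log format (common log format), the sample lines and the 1000 px threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

QR_PATH = "/otp_logon_ui_resources/qr"
MAX_SIDE_PX = 1000  # assumed threshold; legitimate QR renders are far smaller

# Constructed sample access-log lines (not real SAP logs). The second and
# third requests carry oversized dimensions; the others are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2017:09:12:01 +0000] "GET /otp_logon_ui_resources/qr?url=aaa&width=200&height=200 HTTP/1.1" 200 1532
10.0.0.9 - - [10/Jan/2017:09:12:07 +0000] "GET /otp_logon_ui_resources/qr?url=aaa&width=100000000&height=100000000 HTTP/1.1" 500 0
10.0.0.9 - - [10/Jan/2017:09:12:08 +0000] "GET /otp_logon_ui_resources/qr?url=aaa&width=99999999999&height=1 HTTP/1.1" 500 0
10.0.0.7 - - [10/Jan/2017:09:13:00 +0000] "GET /index.html HTTP/1.1" 200 412
"""

# Common log format: client, identd, user, [timestamp], "request line", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def oversized_qr_requests(log_text, max_side=MAX_SIDE_PX):
    """Return (ip, timestamp, width, height, status) for every request to the
    QR servlet whose width or height exceeds max_side."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != QR_PATH:
            continue
        q = parse_qs(parts.query)
        sizes = {}
        for k in ("width", "height"):
            v = q.get(k, ["0"])[0]
            sizes[k] = int(v) if v.isdigit() else 0  # non-numeric: not a size attack
        if sizes["width"] > max_side or sizes["height"] > max_side:
            hits.append((m["ip"], m["ts"], sizes["width"], sizes["height"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in oversized_qr_requests(SAMPLE_LOG):
        print("oversized QR request:", hit)
```

Run it over real access logs in place of SAMPLE_LOG; a hit from an external address is a strong indicator of an exploitation attempt, and any hit at all on a system without Note 2389042 installed deserves immediate patching.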
