| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2017-5371 | 25 Mar 2024 14:38 | – | circl |
| CVE-2017-5371 | 23 Jan 2017 21:00 | – | cve |
| CVE-2017-5371 | 23 Jan 2017 21:00 | – | cvelist |
| SAP ASE ODATA Server - Denial of Service | 2 Jan 2016 00:00 | – | erpscan |
| EUVD-2017-14475 | 7 Oct 2025 00:30 | – | euvd |
| Radamsa - A General-Purpose Fuzzer | 25 Mar 2024 11:30 | – | kitploit |
| CVE-2017-5371 | 23 Jan 2017 21:59 | – | nvd |
| CVE-2017-5371 | 23 Jan 2017 21:59 | – | osv |
| Code injection | 23 Jan 2017 21:59 | – | prion |
| SAP ASE ODATA SERVER denial of service vulnerability (CVE-2017-5371) | 20 Jan 2017 00:00 | – | seebug |

Application: SAP ASE
Versions Affected: SAP ASE ODATA Server v16
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 01.02.2016
Reported: 02.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 12.10.2016
Reference: SAP Security Note 2330422
Author: Vahagn @vah_13 Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE
Advisory ID: [ERPSCAN-16-036]
Risk: high
Advisory URL: https://erpscan.com/advisories/erpscan-16-036-sap-ase-odata-server-denial-service/
Date published: 11.01.2017
Vendors contacted: SAP
2. VULNERABILITY INFORMATION
Class: Denial of Service
Impact: Resource Exhaustion
Remotely Exploitable: yes
Locally Exploitable: no
CVE: CVE-2017-5371
CVSS Information
CVSS Base Score v3: 7.5 / 10
CVSS Base Vector:
AV : Attack Vector (Related exploit range) Network (N)
AC : Attack Complexity (Required attack complexity) Low (L)
PR : Privileges Required (Level of privileges needed to exploit) None (N)
UI : User Interaction (Required user participation) None (N)
S : Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C : Impact to Confidentiality None (N)
I : Impact to Integrity None (N)
A : Impact to Availability High (H)
3. VULNERABILITY DESCRIPTION
An attacker can trigger a condition in which the process ceases to run.
This condition can be intentionally provoked by an attacker to cause
a denial of service.
4. VULNERABLE PACKAGES
SIQ 16.0
SQL_ANYWHERE_PERSONAL_SERVER 16.0
SYBASE_ASE_SERVER 15.7
SYBASE_ASE_SERVER 16.0
SYBASE_ASE_CE_SERVER 15.7
5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2330422.
6. AUTHOR
Vahagn Vardanyan (ERPScan)
7. TECHNICAL DESCRIPTION
By sending a special request to the SAP ASE OData Server
(C:\SAP\ODATA-16_0\bin64), an attacker can crash it.
8. REPORT TIMELINE
Reported: 02.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 12.10.2016
9. REFERENCES
https://erpscan.com/advisories/erpscan-16-036-sap-ase-odata-server-denial-service/
# 0day.today [2018-02-17] #