All the vulnerabilities related to sap - internet_communication_manager
Vulnerability from fkie_nvd
Published
2007-07-06 19:30
Modified
2024-11-21 00:33
Summary
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | all_windows | * | |
sap | internet_communication_manager | * | |
sap | sap_web_application_server | 6.10 | |
sap | sap_web_application_server | 6.20 | |
sap | sap_web_application_server | 6.40 | |
sap | sap_web_application_server | 7.0 | |
sap | sap_web_application_server | 7.0.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:internet_communication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "651B211A-A926-40F2-A477-2107CD0FC78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*", "matchCriteriaId": "A68E0969-971D-4D97-97EE-F901B05885DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F89AF4D-B15A-4D91-B6A4-0A206772BC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E194A2-DFBF-444F-99D0-A038A4C7EC6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." 
}, { "lang": "es", "value": "El Internet Communication Manager (tambi\u00e9n conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente s\u00f3lo bajo Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso) a trav\u00e9s de un URI de cierta longitud que contenga el par\u00e1metro sap-isc-key, relacionado con la configuraci\u00f3n del cach\u00e9 de la web." } ], "id": "CVE-2007-3615", "lastModified": "2024-11-21T00:33:39.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-06T19:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/38095" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25964" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2875" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24774" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018336" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2007/2450" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-14 12:15
Modified
2024-11-21 06:09
Summary
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.
References
Source | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3000663 | Permissions Required | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3000663 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.8_kernel_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "CEFAE5D3-6729-47E6-8547-EDC127052682", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "5DACDADA-64ED-4AFA-B6A0-A528334D9FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "668A8F88-F8E1-4D57-83C7-A54C03A9931B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "D3F76E6A-2F27-450C-AAB5-E49A64079CAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "0B4A7850-377C-4463-A5D7-07F516FBD74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "8E2A20A3-FDA5-4E75-A5F0-362840E5909D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:7.82:*:*:*:*:*:*:*", "matchCriteriaId": "6C2DB75B-321F-4B4C-9398-21817BE7476E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "769D40FF-AB05-4289-A77C-6FC272F02CDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "3B209FA5-802F-4A6E-B031-A4A06FE9A01E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "1C32DCE3-2553-4D8F-931C-5CD1F95340C8", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "EE9042C8-EDCD-402F-BFFA-70BF6BE53A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "5481831F-91CC-49DD-A54B-277A6E6D22AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "67918BDF-E07C-495D-8408-4C09F0E1F936", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "47816D78-4FF9-48A6-A759-B174520C0B3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "3C852E38-88B7-454D-8011-4D92796E15D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "E595F8B1-8F17-411F-BF6E-ED3EB9459938", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "8C949541-3D9C-4253-A43F-0DDA0FA8CF92", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "13D1D10D-0C54-44A2-9983-6AADDB14BB7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "327D609D-2B85-4719-9F2E-166E9D99D6C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "A6ED4FA2-5C99-4F0F-BF06-6DC022BDE65A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:7.82:*:*:*:*:*:*:*", "matchCriteriaId": "B2E37A8C-494F-4E4C-AE6A-255D1BB19429", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:kernel_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "8CE72859-CF21-4095-9262-59385AEAB47F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "CFA35FF0-0784-4936-9581-8DC9FFC3E206", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "92298C45-32BB-4957-92EA-9A9ABFDA892E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "55623101-2144-45CB-B612-F449A160F7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:krnl64uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "C0410689-F1C7-4A08-9D75-6BF742DC2731", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:internet_communication_manager:webdisp_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "9A364314-7520-43F0-B4EA-B8EEBB30A3D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc." }, { "lang": "es", "value": "SAP Web Dispatcher e Internet Communication Manager (ICM), versiones - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22EXT, 7. 
49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, procesan un encabezado HTTP no v\u00e1lido. El manejo incorrecto de la cabecera Transfer-Encoding no v\u00e1lida de manera particular conlleva a una posibilidad de ataque de contrabando de peticiones HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad para omitir la protecci\u00f3n del firewall de la aplicaci\u00f3n web y desviar datos confidenciales, como peticiones de clientes, credenciales de sesi\u00f3n, etc" } ], "id": "CVE-2021-33683", "lastModified": "2024-11-21T06:09:21.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-14T12:15:09.237", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required" ], "url": "https://launchpad.support.sap.com/#/notes/3000663" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://launchpad.support.sap.com/#/notes/3000663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-444" } ], "source": "cna@sap.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-444" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2021-33683
Vulnerability from cvelistv5
Published
2021-07-14 11:04
Modified
2024-08-03 23:58
Summary
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.
References
URL | Tags | |
---|---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | x_refsource_MISC | |
https://launchpad.support.sap.com/#/notes/3000663 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
SAP SE | SAP Web Dispatcher and Internet Communication Manager | < KRNL32NUC 7.21, < 7.21EXT, < 7.22, < 7.22EXT, < KRNL32UC 7.21, < KRNL64NUC 7.21, < 7.49, < KRNL64UC 7.21, < 7.53, < 7.73, < WEBDISP 7.53, < 7.77, < 7.81, < 7.82, < 7.83, < KERNEL 7.21 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:58:22.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3000663" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Web Dispatcher and Internet Communication Manager", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC 7.21" }, { "status": "affected", "version": "\u003c 7.21EXT" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL32UC 7.21" }, { "status": "affected", "version": "\u003c KRNL64NUC 7.21" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC 7.21" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c WEBDISP 7.53" }, { "status": "affected", "version": "\u003c 7.77" }, { "status": "affected", "version": "\u003c 7.81" }, { "status": "affected", "version": "\u003c 7.82" }, { "status": "affected", "version": "\u003c 7.83" }, { "status": "affected", "version": "\u003c KERNEL 7.21" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. 
The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 (HTTP Request Smuggling)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-14T11:04:45", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3000663" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2021-33683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Web Dispatcher and Internet Communication Manager", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "KRNL32NUC 7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" }, { "version_name": "\u003c", "version_value": "KRNL32UC 7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" }, { "version_name": "\u003c", 
"version_value": "KRNL64NUC 7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" }, { "version_name": "\u003c", "version_value": "7.49" }, { "version_name": "\u003c", "version_value": "KRNL64UC 7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" }, { "version_name": "\u003c", "version_value": "7.49" }, { "version_name": "\u003c", "version_value": "7.53" }, { "version_name": "\u003c", "version_value": "7.73" }, { "version_name": "\u003c", "version_value": "WEBDISP 7.53" }, { "version_name": "\u003c", "version_value": "7.73" }, { "version_name": "\u003c", "version_value": "7.77" }, { "version_name": "\u003c", "version_value": "7.81" }, { "version_name": "\u003c", "version_value": "7.82" }, { "version_name": "\u003c", "version_value": "7.83" }, { "version_name": "\u003c", "version_value": "KERNEL 7.21" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.49" }, { "version_name": "\u003c", "version_value": "7.53" }, { "version_name": "\u003c", "version_value": "7.73" }, { "version_name": "\u003c", "version_value": "7.77" }, { "version_name": "\u003c", "version_value": "7.81" }, { "version_name": "\u003c", "version_value": "7.82" }, { "version_name": "\u003c", "version_value": "7.83" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 
7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc." } ] }, "impact": { "cvss": { "baseScore": "5.4", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444 (HTTP Request Smuggling)" } ] } ] }, "references": { "reference_data": [ { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506" }, { "name": "https://launchpad.support.sap.com/#/notes/3000663", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3000663" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-33683", "datePublished": "2021-07-14T11:04:45", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3615
Vulnerability from cvelistv5
Published
2007-07-06 19:00
Modified
2024-08-07 14:21
Summary
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
References
URL | Tags | |
---|---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html | mailing-list, x_refsource_FULLDISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35278 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/472890/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://osvdb.org/38095 | vdb-entry, x_refsource_OSVDB | |
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/ | x_refsource_MISC | |
http://secunia.com/advisories/25964 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1018336 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2007/2450 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/24774 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/2875 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "name": "sap-icman-dos(35278)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "name": "38095", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38095" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "name": "25964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25964" }, { "name": "1018336", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018336" }, { "name": "ADV-2007-2450", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "name": "24774", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24774" }, { "name": "2875", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2875" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-05T00:00:00", 
"descriptions": [ { "lang": "en", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "name": "sap-icman-dos(35278)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "name": "38095", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38095" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "name": "25964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25964" }, { "name": "1018336", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018336" }, { "name": "ADV-2007-2450", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "name": "24774", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24774" }, { "name": "2875", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], 
"url": "http://securityreason.com/securityalert/2875" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3615", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "name": "sap-icman-dos(35278)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "name": "38095", "refsource": "OSVDB", "url": "http://osvdb.org/38095" }, { "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/", "refsource": "MISC", "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "name": "25964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25964" }, { "name": "1018336", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018336" }, { "name": "ADV-2007-2450", "refsource": 
"VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "name": "24774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24774" }, { "name": "2875", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2875" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3615", "datePublished": "2007-07-06T19:00:00", "dateReserved": "2007-07-06T00:00:00", "dateUpdated": "2024-08-07T14:21:36.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }