CVE-2012-2511

SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet

Title source: llm
Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2511.

AI-analyzed exploit summary: The provided code is a functional Python script that exploits multiple vulnerabilities in SAP NetWeaver Dispatcher, including buffer overflows and denial-of-service conditions. It demonstrates how to craft malicious SAP Diag packets to trigger these vulnerabilities.

Description

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

Exploits (2)

exploitdb WORKING POC
dos · windows
https://www.exploit-db.com/exploits/18853

The provided code is a functional Python script that exploits multiple vulnerabilities in SAP NetWeaver Dispatcher, including buffer overflows and denial-of-service conditions. It demonstrates how to craft malicious SAP Diag packets to trigger these vulnerabilities.

Classification: Working PoC 100%
Attack Type: RCE | DoS
Complexity: Moderate
Reliability: Reliable
Target: SAP NetWeaver 7.0 EHP1, SAP NetWeaver 7.0 EHP2
No auth needed
Prerequisites: Developer Trace configured at levels 2 or 3 for the 'Dialog Processing' component · Access to TCP port 32NN (SAP system number)
devstral-2 · analyzed Feb 19, 2026

exploitdb WORKING POC
python · dos · multiple
https://www.exploit-db.com/exploits/20705

The provided Python script demonstrates multiple buffer overflow vulnerabilities in SAP NetWeaver Dispatcher, allowing remote unauthenticated attackers to execute arbitrary code or cause denial of service. It includes functional exploit code for several CVEs (e.g., CVE-2012-2511, CVE-2012-2611) by sending crafted SAP Diag packets to TCP port 32NN.

Classification: Working PoC 100%
Attack Type: RCE | DoS
Complexity: Moderate
Reliability: Reliable
Target: SAP NetWeaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Developer Traces for 'Dialog Processing' set to level 2 or 3 · Access to SAP Dispatcher TCP ports (3200-3299)
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Various Sources x_refsource_misc
https://service.sap.com/sap/support/notes/1687910
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027052
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75453

Scores

EPSS: 0.0368
EPSS Percentile: 88.2%

Details

CWE: CWE-119
Status: published
Products (1): sap/netweaver 7.0 ehp1 (2 CPE variants)
Published: May 15, 2012
Tracked Since: Feb 18, 2026