CVE-2012-2512

SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2512.

AI-analyzed exploit summary The provided code is a functional Python exploit for CVE-2012-2512, targeting SAP Netweaver Dispatcher. It includes proof-of-concept code to trigger multiple vulnerabilities, including buffer overflows and denial-of-service conditions via crafted SAP Diag packets.

Description

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

Exploits (2)

exploitdb WORKING POC
doswindows
https://www.exploit-db.com/exploits/18853

The provided code is a functional Python exploit for CVE-2012-2512, targeting SAP Netweaver Dispatcher. It includes proof-of-concept code to trigger multiple vulnerabilities, including buffer overflows and denial-of-service conditions via crafted SAP Diag packets.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: SAP Netweaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Developer Traces for 'Dialog Processing' set to level 2 or 3 · Access to TCP port 32NN (SAP system number)
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
pythondosmultiple
https://www.exploit-db.com/exploits/20705

The provided Python script demonstrates multiple vulnerabilities in SAP Netweaver Dispatcher, including buffer overflows and denial-of-service conditions. It sends crafted SAP Diag packets to trigger specific functions like DiagTraceR3Info and DiagTraceHex, leading to potential remote code execution or crashes.

Classification
Working Poc 100%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Reliable
Target: SAP Netweaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Developer Trace for 'Dialog Processing' set to level 2 or 3 · Access to TCP port 32NN (SAP system number)
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75454
Various Sources x_refsource_misc
https://service.sap.com/sap/support/notes/1687910
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027052

Scores

EPSS 0.0335
EPSS Percentile 87.1%

Details

CWE
CWE-119
Status published
Products (1)
sap/netweaver 7.0 ehp1 (2 CPE variants)
Published May 15, 2012
Tracked Since Feb 18, 2026