CVE-2012-2612

SAP NetWeaver <7.0 EHP2 - DoS

Title source: llm

Description

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/18853

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Core Security · pythondosmultiple

https://www.exploit-db.com/exploits/20705

View Code ZIP pw:eip

References (5)

[Various Sources] http://scn.sap.com/docs/DOC-8218

[Exploit] http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities

[Various Sources] https://service.sap.com/sap/support/notes/1687910

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75452

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027052

Scores

EPSS 0.3199

EPSS Percentile 96.7%

Classification

CWE

CWE-119

Status draft

Affected Products (2)

sap/netweaver

Timeline

Published May 15, 2012

Tracked Since Feb 18, 2026