CVE-2016-1929
CRITICALSAP HANA - Denial of Service via Log Spoofing in XS Engine
Title source: llmDescription
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-16-002-sap-hana-log-injection-and-no-size-restriction/
Third Party Advisory x_refsource_misc
https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Apr/59
Scores
CVSS v3
9.3
EPSS
0.0133
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Details
CWE
CWE-20
Status
published
Products (1)
sap/hana
Published
Jan 20, 2016
Tracked Since
Feb 18, 2026