CVE-2017-12637

HIGH KEV NUCLEI

SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

Title source: nuclei

Exploitation Summary

CVE-2017-12637 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 19, 2025. EIP tracks 1 public exploit from researchers including abrewer251. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python-based scanner for CVE-2017-12637, which exploits a directory traversal vulnerability in SAP NetWeaver to retrieve /etc/passwd. The script automates the detection of LFI by sending crafted HTTP requests and checking for the presence of the root user entry.

Description

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

Exploits (1)

nomisec WORKING POC

by abrewer251 · infoleak

https://github.com/abrewer251/CVE-2017-12637_SAP-NetWeaver-URL-Traversal

View Code ZIP pw:eip

This repository contains a Python-based scanner for CVE-2017-12637, which exploits a directory traversal vulnerability in SAP NetWeaver to retrieve /etc/passwd. The script automates the detection of LFI by sending crafted HTTP requests and checking for the presence of the root user entry.

Classification

Working Poc | Scanner 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SAP NetWeaver

No auth needed

Prerequisites: Python 3.6 or newer · curl CLI · tqdm library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

HIGHby apt-mirror

Shodan: http.favicon.hash:-266008933

FOFA: icon_hash=-266008933

References (2)

Core 2

Core References

Third Party Advisory

https://web.archive.org/web/20170807202056/http://www.sh0w.top/index.php/archives/7/

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12637

Scores

CVSS v3 7.5

EPSS 0.9456

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact partial

Details

CISA KEV 2025-03-19

VulnCheck KEV 2017-08-07

InTheWild.io 2021-04-20

ENISA EUVD EUVD-2017-4176

CWE

CWE-22

Status published

Products (1)

sap/netweaver_application_server_java 7.50

Published Aug 07, 2017

KEV Added Mar 19, 2025

Tracked Since Feb 18, 2026