CVE-2017-5997
HIGH
SAP KERNEL 7.21-7.49 - Denial of Service via Crafted Group Parameter in Message Server HTTP Daemon
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/
Scores
CVSS v3: 7.5
EPSS: 0.0074
EPSS Percentile: 73.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-772
Status: published
Products (3)
sap/sap_kernel 7.21
sap/sap_kernel 7.22
sap/sap_kernel 7.42
Published: Feb 15, 2017
Tracked Since: Feb 18, 2026