CVE-2021-33670

high

Description

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506

https://launchpad.support.sap.com/#/notes/3056652

http://seclists.org/fulldisclosure/2022/May/4

http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html

Details

Source: MITRE

Published: 2021-07-14

Updated: 2022-05-12

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH