SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
https://launchpad.support.sap.com/#/notes/3056652
http://seclists.org/fulldisclosure/2022/May/4
http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html
Source: MITRE
Published: 2021-07-14
Updated: 2022-05-12
Type: NVD-CWE-noinfo
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH