
MaxDB WebSQL < Remote Overflow



The remote host is vulnerable to a buffer overflow.


The remote host is running the MaxDB SAP Web server, which includes an administrative CGI called WebSQL. A remote buffer overflow has been reported in the WebSQL logon form; specifically, a large username is reported to trigger the overflow. More generally, the presence of the WebSQL script indicates that, regardless of the version, the site administrators have allowed remote plaintext administration of the server. An attacker can use anonymous access to gain information about configured databases, the server name, the physical path of files, and more.


Upgrade to version or higher. In addition, use access control lists to block anonymous access to the webserver configuration pages.