Vulnerability Details CVE-2016-3980
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/137591/SAP-NetWeaver-AS-JAVA-7.4-jstart-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2016/Jun/56
- https://erpscan.io/advisories/erpscan-16-018-sap-java-jstart-dos/
- http://packetstormsecurity.com/files/137591/SAP-NetWeaver-AS-JAVA-7.4-jstart-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2016/Jun/56
- https://erpscan.io/advisories/erpscan-16-018-sap-java-jstart-dos/
Products affected by CVE-2016-3980
-
cpe:2.3:a:sap:application_server_java:7.2
-
cpe:2.3:a:sap:application_server_java:7.3
-
cpe:2.3:a:sap:application_server_java:7.4