Vulnerability Details CVE-2021-33670
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2022/May/4
- https://launchpad.support.sap.com/#/notes/3056652
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2022/May/4
- https://launchpad.support.sap.com/#/notes/3056652
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Products affected by CVE-2021-33670
-
cpe:2.3:a:sap:netweaver_application_server_java:7.10
-
cpe:2.3:a:sap:netweaver_application_server_java:7.11
-
cpe:2.3:a:sap:netweaver_application_server_java:7.20
-
cpe:2.3:a:sap:netweaver_application_server_java:7.30
-
cpe:2.3:a:sap:netweaver_application_server_java:7.31
-
cpe:2.3:a:sap:netweaver_application_server_java:7.40
-
cpe:2.3:a:sap:netweaver_application_server_java:7.50