The SAP Web Server contains a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
SAP DB is a database server that includes a series of web-based configuration tools.
A stack based buffer overlfow exists in the SAP DB web server (WAHTTP.exe). Note that this vulnerability only affects the web server that is included with the SAP DB server. Systems hosting the SAP web tools on a different web server are not affected by this vulnerability.
An attacker may be able to execute arbitrary code, or create a denial-of-service condition.
Thanks to Mark Litchfield of NGS software for information that was used in this report.
This document was written by Ryan Giobbi.
|Date First Published:||2007-07-10|
|Date Last Updated:||2007-07-16 15:18 UTC|