Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в SAP NetWeaver
Опубликовано:14 мая 2012 г.
Источник:
SecurityVulns ID:12379
Тип:удаленная
Уровень опасности:
6/10
Описание:Многочисленные уязвимости в службе Dispatcher.
Затронутые продукты:SAP : NetWeaver 7.0
CVE:CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.)
 CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.)
 CVE-2012-2512 (The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.)
 CVE-2012-2511 (The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.)
 CVE-2011-1517
 CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.)
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities (14.05.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород