Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
Published 2007-07-06 19:30:00
Updated 2018-10-15 21:29:27
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Execute code

Products affected by CVE-2007-3614

Exploit prediction scoring system (EPSS) score for CVE-2007-3614

59.02%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2007-3614

  • SAP DB 7.4 WebTools Buffer Overflow
    Disclosure Date: 2007-07-05
    First seen: 2020-04-26
    exploit/windows/http/sapdb_webtools
    This module exploits a stack buffer overflow in SAP DB 7.4 WebTools. By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code. Authors: - MC <mc@metasploit.com>

CVSS scores for CVE-2007-3614

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!