SAP » Sap Web Application Server : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 2
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
Max CVSS
5.0
EPSS Score
0.32%
Published
2006-11-21
Updated
2018-10-17
CVE-2006-6010
Public exploit
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Max CVSS
5.0
EPSS Score
3.52%
Published
2006-11-21
Updated
2018-10-17
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
Max CVSS
5.0
EPSS Score
3.93%
Published
2006-11-07
Updated
2018-10-17
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
Max CVSS
4.6
EPSS Score
0.24%
Published
2006-11-07
Updated
2018-10-17
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Max CVSS
6.4
EPSS Score
1.44%
Published
2006-03-07
Updated
2018-10-18
5 vulnerabilities found