BugTraq
Back to list
|
Post reply
[ERPSCAN-16-005] SAP HANA hdbxsengine JSON â?? DoS vulnerability
Apr 19 2016 10:19AM
ERPScan inc (erpscan online gmail com)
(1 replies)
Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON â?? DoS vulnerability
Apr 27 2016 07:33PM
Mahmut Firuz Dumlupinar - Vendor (firuz dumlupinar vudu com)
On 4/19/16, 3:19 AM, "ERPScan inc" <erpscan.online (at) gmail (dot) com [email concealed]> wrote:
>Application: SAP HANA
>Versions Affected: SAP HANA
>Vendor URL: http://SAP.com
>Bugs: DoS
>Sent: 28.09.2015
>Reported: 28.09.2015
>Vendor response: 29.09.2015
>Date of Public Advisory: 12.01.2016
>Reference: SAP Security Note 2241978
>Author: Mathieu Geli (ERPScan)
>
>Description
>
>
>1. ADVISORY INFORMATION
>
>Title: SAP NetWeaver J2EE Engine 7.40
>Advisory ID: [ERPSCAN-16-005]
>Risk: Medium
>Advisory URL: http://erpscan.com/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-d
os/
>Date published: 12.01.2016
>Vendors contacted: SAP
>
>2. VULNERABILITY INFORMATION
>Class: DoS
>Impact: Resource consumption
>Remotely Exploitable: Yes
>Locally Exploitable: No
>
>CVSS Information
>CVSS Base Score: 5.0 / 10
>CVSS Base Vector:
>AV : Access Vector (Related exploit range) Network (N)
>AC : Access Complexity (Required attack complexity) Low (L)
>Au : Authentication (Level of authentication needed to exploit) None (N)
>C : Impact to Confidentiality None (N)
>I : Impact to Integrity Partial (P)
>A : Impact to Availability None (N)
>
>
>
>3. VULNERABILITY DESCRIPTION
>
>Anonymous attacker can use a special HTTP request to perform a DoS
>attack against HANA.
>
>
>4. VULNERABLE PACKAGES
>
>SAP HANA revision 102.02
>Other versions are probably affected too, but they were not checked.
>
>5. SOLUTIONS AND WORKAROUNDS
>
>To correct this vulnerability, install SAP Security Note 2241978
>
>
>6. AUTHOR
>
>Mathieu Geli (ERPScan)
>
>
>7. TECHNICAL DESCRIPTION
>
>An attacker can use a Buffer Overflow vulnerability to inject a
>specially crafted code into working memory. The code will be executed
>by the vulnerable application. Executed commands will run with the
>same privileges as the service that executed them. This can lead to
>taking complete control over the application, denial of service,
>command execution, and other attacks.
>
>
>8. REPORT TIMELINE
>Sent: 28.09.2015
>Reported: 28.09.2015
>Vendor response: 29.09.2015
>Date of Public Advisory: 12.01.2016
>
>
>9. REFERENCES
>http://erpscan.com/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-
dos/
>
>10. ABOUT ERPScan Research
>
>The companyâ??s expertise is based on the research subdivision of
>ERPScan, which is engaged in vulnerability research and analysis of
>critical enterprise applications. It has achieved multiple
>acknowledgments from the largest software vendors like SAP, Oracle,
>Microsoft, IBM, VMware, HP for discovering more than 400
>vulnerabilities in their solutions (200 of them just in SAP!).
>ERPScan researchers are proud to have exposed new types of
>vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be
>nominated for the best server-side vulnerability at BlackHat 2013.
>ERPScan experts have been invited to speak, present, and train at 60+
>prime international security conferences in 25+ countries across the
>continents. These include BlackHat, RSA, HITB, and private SAP
>trainings in several Fortune 2000 companies.
>ERPScan researchers lead the project EAS-SEC, which is focused on
>enterprise application security research and awareness. They have
>published 3 exhaustive annual award-winning surveys about SAP
>security.
>ERPScan experts have been interviewed by leading media resources and
>featured in specialized info-sec publications worldwide. These include
>Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,
>Heise, and Chinabyte, to name a few.
>We have highly qualified experts in staff with experience in many
>different fields of security, from web applications and
>mobile/embedded to reverse engineering and ICS/SCADA systems,
>accumulating their experience to conduct the best SAP security
>research.
>
>
>11. ABOUT ERPScan
>
>ERPScan is the most respected and credible Business Application
>Security provider. Founded in 2010, the company operates globally and
>enables large Oil and Gas, Financial and Retail organizations to
>secure their mission-critical processes. Named as an â??Emerging Vendorâ??
>in Security by CRN, listed among â??TOP 100 SAP Solution providersâ? and
>distinguished by 30+ other awards, ERPScan is the leading SAP SE
>partner in discovering and resolving security vulnerabilities. ERPScan
>consultants work with SAP SE in Walldorf to assist in improving the
>security of their latest solutions.
>ERPScanâ??s primary mission is to close the gap between technical and
>business security, and provide solutions to evaluate and secure SAP
>and Oracle ERP systems and business-critical applications from both,
>cyber-attacks as well as internal fraud. Usually our clients are large
>enterprises, Fortune 2000 companies and managed service providers
>whose requirements are to actively monitor and manage security of vast
>SAP landscapes on a global scale.
>We â??follow the sunâ?? and function in two hubs, located in the Palo Alto
>and Amsterdam to provide threat intelligence services, agile support
>and operate local offices and partner network spanning 20+ countries
>around the globe.
>
>
>Adress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
>Phone: 650.798.5255
>Twitter: @erpscan
>Scoop-it: Business Application Security
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
On 4/19/16, 3:19 AM, "ERPScan inc" <erpscan.online (at) gmail (dot) com [email concealed]> wrote:
>Application: SAP HANA
>Versions Affected: SAP HANA
>Vendor URL: http://SAP.com
>Bugs: DoS
>Sent: 28.09.2015
>Reported: 28.09.2015
>Vendor response: 29.09.2015
>Date of Public Advisory: 12.01.2016
>Reference: SAP Security Note 2241978
>Author: Mathieu Geli (ERPScan)
>
>Description
>
>
>1. ADVISORY INFORMATION
>
>Title: SAP NetWeaver J2EE Engine 7.40
>Advisory ID: [ERPSCAN-16-005]
>Risk: Medium
>Advisory URL: http://erpscan.com/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-d
os/
>Date published: 12.01.2016
>Vendors contacted: SAP
>
>2. VULNERABILITY INFORMATION
>Class: DoS
>Impact: Resource consumption
>Remotely Exploitable: Yes
>Locally Exploitable: No
>
>CVSS Information
>CVSS Base Score: 5.0 / 10
>CVSS Base Vector:
>AV : Access Vector (Related exploit range) Network (N)
>AC : Access Complexity (Required attack complexity) Low (L)
>Au : Authentication (Level of authentication needed to exploit) None (N)
>C : Impact to Confidentiality None (N)
>I : Impact to Integrity Partial (P)
>A : Impact to Availability None (N)
>
>
>
>3. VULNERABILITY DESCRIPTION
>
>Anonymous attacker can use a special HTTP request to perform a DoS
>attack against HANA.
>
>
>4. VULNERABLE PACKAGES
>
>SAP HANA revision 102.02
>Other versions are probably affected too, but they were not checked.
>
>5. SOLUTIONS AND WORKAROUNDS
>
>To correct this vulnerability, install SAP Security Note 2241978
>
>
>6. AUTHOR
>
>Mathieu Geli (ERPScan)
>
>
>7. TECHNICAL DESCRIPTION
>
>An attacker can use a Buffer Overflow vulnerability to inject a
>specially crafted code into working memory. The code will be executed
>by the vulnerable application. Executed commands will run with the
>same privileges as the service that executed them. This can lead to
>taking complete control over the application, denial of service,
>command execution, and other attacks.
>
>
>8. REPORT TIMELINE
>Sent: 28.09.2015
>Reported: 28.09.2015
>Vendor response: 29.09.2015
>Date of Public Advisory: 12.01.2016
>
>
>9. REFERENCES
>http://erpscan.com/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-
dos/
>
>10. ABOUT ERPScan Research
>
>The companyâ??s expertise is based on the research subdivision of
>ERPScan, which is engaged in vulnerability research and analysis of
>critical enterprise applications. It has achieved multiple
>acknowledgments from the largest software vendors like SAP, Oracle,
>Microsoft, IBM, VMware, HP for discovering more than 400
>vulnerabilities in their solutions (200 of them just in SAP!).
>ERPScan researchers are proud to have exposed new types of
>vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be
>nominated for the best server-side vulnerability at BlackHat 2013.
>ERPScan experts have been invited to speak, present, and train at 60+
>prime international security conferences in 25+ countries across the
>continents. These include BlackHat, RSA, HITB, and private SAP
>trainings in several Fortune 2000 companies.
>ERPScan researchers lead the project EAS-SEC, which is focused on
>enterprise application security research and awareness. They have
>published 3 exhaustive annual award-winning surveys about SAP
>security.
>ERPScan experts have been interviewed by leading media resources and
>featured in specialized info-sec publications worldwide. These include
>Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,
>Heise, and Chinabyte, to name a few.
>We have highly qualified experts in staff with experience in many
>different fields of security, from web applications and
>mobile/embedded to reverse engineering and ICS/SCADA systems,
>accumulating their experience to conduct the best SAP security
>research.
>
>
>11. ABOUT ERPScan
>
>ERPScan is the most respected and credible Business Application
>Security provider. Founded in 2010, the company operates globally and
>enables large Oil and Gas, Financial and Retail organizations to
>secure their mission-critical processes. Named as an â??Emerging Vendorâ??
>in Security by CRN, listed among â??TOP 100 SAP Solution providersâ? and
>distinguished by 30+ other awards, ERPScan is the leading SAP SE
>partner in discovering and resolving security vulnerabilities. ERPScan
>consultants work with SAP SE in Walldorf to assist in improving the
>security of their latest solutions.
>ERPScanâ??s primary mission is to close the gap between technical and
>business security, and provide solutions to evaluate and secure SAP
>and Oracle ERP systems and business-critical applications from both,
>cyber-attacks as well as internal fraud. Usually our clients are large
>enterprises, Fortune 2000 companies and managed service providers
>whose requirements are to actively monitor and manage security of vast
>SAP landscapes on a global scale.
>We â??follow the sunâ?? and function in two hubs, located in the Palo Alto
>and Amsterdam to provide threat intelligence services, agile support
>and operate local offices and partner network spanning 20+ countries
>around the globe.
>
>
>Adress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
>Phone: 650.798.5255
>Twitter: @erpscan
>Scoop-it: Business Application Security
[ reply ]