On 4/19/16, 3:19 AM, "ERPScan inc" <erpscan.online@xxxxxxxxx> wrote: >Application: SAP HANA >Versions Affected: SAP HANA >Vendor URL: http://SAP.com >Bugs: DoS >Sent: 28.09.2015 >Reported: 28.09.2015 >Vendor response: 29.09.2015 >Date of Public Advisory: 12.01.2016 >Reference: SAP Security Note 2241978 >Author: Mathieu Geli (ERPScan) > >Description > > >1. ADVISORY INFORMATION > >Title: SAP NetWeaver J2EE Engine 7.40 >Advisory ID: [ERPSCAN-16-005] >Risk: Medium >Advisory URL: http://erpscan.com/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-dos/ >Date published: 12.01.2016 >Vendors contacted: SAP > >2. VULNERABILITY INFORMATION >Class: DoS >Impact: Resource consumption >Remotely Exploitable: Yes >Locally Exploitable: No > >CVSS Information >CVSS Base Score: 5.0 / 10 >CVSS Base Vector: >AV : Access Vector (Related exploit range) Network (N) >AC : Access Complexity (Required attack complexity) Low (L) >Au : Authentication (Level of authentication needed to exploit) None (N) >C : Impact to Confidentiality None (N) >I : Impact to Integrity Partial (P) >A : Impact to Availability None (N) > > > >3. VULNERABILITY DESCRIPTION > >Anonymous attacker can use a special HTTP request to perform a DoS >attack against HANA. > > >4. VULNERABLE PACKAGES > >SAP HANA revision 102.02 >Other versions are probably affected too, but they were not checked. > >5. SOLUTIONS AND WORKAROUNDS > >To correct this vulnerability, install SAP Security Note 2241978 > > >6. AUTHOR > >Mathieu Geli (ERPScan) > > >7. TECHNICAL DESCRIPTION > >An attacker can use a Buffer Overflow vulnerability to inject a >specially crafted code into working memory. The code will be executed >by the vulnerable application. Executed commands will run with the >same privileges as the service that executed them. This can lead to >taking complete control over the application, denial of service, >command execution, and other attacks. > > >8. REPORT TIMELINE >Sent: 28.09.2015 >Reported: 28.09.2015 >Vendor response: 29.09.2015 >Date of Public Advisory: 12.01.2016 > > >9. REFERENCES >http://erpscan.com/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-dos/ > >10. ABOUT ERPScan Research > >The company’s expertise is based on the research subdivision of >ERPScan, which is engaged in vulnerability research and analysis of >critical enterprise applications. It has achieved multiple >acknowledgments from the largest software vendors like SAP, Oracle, >Microsoft, IBM, VMware, HP for discovering more than 400 >vulnerabilities in their solutions (200 of them just in SAP!). >ERPScan researchers are proud to have exposed new types of >vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be >nominated for the best server-side vulnerability at BlackHat 2013. >ERPScan experts have been invited to speak, present, and train at 60+ >prime international security conferences in 25+ countries across the >continents. These include BlackHat, RSA, HITB, and private SAP >trainings in several Fortune 2000 companies. >ERPScan researchers lead the project EAS-SEC, which is focused on >enterprise application security research and awareness. They have >published 3 exhaustive annual award-winning surveys about SAP >security. >ERPScan experts have been interviewed by leading media resources and >featured in specialized info-sec publications worldwide. These include >Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, >Heise, and Chinabyte, to name a few. >We have highly qualified experts in staff with experience in many >different fields of security, from web applications and >mobile/embedded to reverse engineering and ICS/SCADA systems, >accumulating their experience to conduct the best SAP security >research. > > >11. ABOUT ERPScan > >ERPScan is the most respected and credible Business Application >Security provider. Founded in 2010, the company operates globally and >enables large Oil and Gas, Financial and Retail organizations to >secure their mission-critical processes. Named as an ‘Emerging Vendor’ >in Security by CRN, listed among “TOP 100 SAP Solution providers” and >distinguished by 30+ other awards, ERPScan is the leading SAP SE >partner in discovering and resolving security vulnerabilities. ERPScan >consultants work with SAP SE in Walldorf to assist in improving the >security of their latest solutions. >ERPScan’s primary mission is to close the gap between technical and >business security, and provide solutions to evaluate and secure SAP >and Oracle ERP systems and business-critical applications from both, >cyber-attacks as well as internal fraud. Usually our clients are large >enterprises, Fortune 2000 companies and managed service providers >whose requirements are to actively monitor and manage security of vast >SAP landscapes on a global scale. >We ‘follow the sun’ and function in two hubs, located in the Palo Alto >and Amsterdam to provide threat intelligence services, agile support >and operate local offices and partner network spanning 20+ countries >around the globe. > > >Adress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301 >Phone: 650.798.5255 >Twitter: @erpscan >Scoop-it: Business Application Security
