virus logo Intrusion Prevention

SAP.NetWeaver.CrashFileDownloadServlet.Path.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal vulnerability in SAP NetWeaver AS Java.
The vulnerability is due to insufficient validation of user input. A remote authenticated attacker can exploit the vulnerability by sending malicious requests to the target server. Successful exploitation could result in the disclosure of server contents.

affected-products-logoAffected Products

SAP NetWeaver AS Java 7.10 to 7.50

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest upgrade or patch from the vendor:
https://service.sap.com/sap/support/notes/2234971

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-25 28.833
Modified
 Name:SAP.
NetWeaver.
CrashFileDownloadServlet.
Directory.
Traversal:SAP.
NetWeaver.
CrashFileDownloadServlet.
Path.
Traversal
2021-06-02 18.090
Modified
 Default_action:pass:drop
2021-04-13 18.058
New
ID 50180
Created Apr 13, 2021
Updated Jul 23, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 81.47%
Default Action drop
Active
Affected OS Windows, Linux
Affected App SAP
Profile Type Path Traversal