Full Disclosure

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet – XXE vulnerability

Leave a comment

Posted by ERPScan inc on Jun 18

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet –
XXE vulnerability

Advisory…

Leave a Reply