Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1587361-1)
SAP Support Packages
(J2EE_ENGINE_LM_CORE_710_SP009_000002, J2EE_ENGINE_LM_CORE_710_SP010_000003, J2EE_ENGINE_LM_CORE_710_SP011_000003, J2EE_ENGINE_LM_CORE_710_SP012_000001, J2EE_ENGINE_LM_CORE_710_SP013_000000, J2EE_ENGINE_LM_CORE_710_SP999999_999999, J2EE_ENGINE_LM_CORE_711_SP004_000002, J2EE_ENGINE_LM_CORE_711_SP005_000002, J2EE_ENGINE_LM_CORE_711_SP006_000003, J2EE_ENGINE_LM_CORE_711_SP007_000001, J2EE_ENGINE_LM_CORE_711_SP008_000000, J2EE_ENGINE_LM_CORE_711_SP999999_999999, J2EE_ENGINE_LM_CORE_720_SP002_000005, J2EE_ENGINE_LM_CORE_720_SP003_000004, J2EE_ENGINE_LM_CORE_720_SP004_000002, J2EE_ENGINE_LM_CORE_720_SP005_000001, J2EE_ENGINE_LM_CORE_720_SP006_000000, J2EE_ENGINE_LM_CORE_720_SP999999_999999, J2EE_ENGINE_LM_CORE_730_SP001_000003, J2EE_ENGINE_LM_CORE_730_SP002_000003, J2EE_ENGINE_LM_CORE_730_SP003_000001, J2EE_ENGINE_LM_CORE_730_SP004_000000, J2EE_ENGINE_LM_CORE_730_SP999999_999999, SAP_J2EE_ENGINE_640_SP028_000003, SAP_J2EE_ENGINE_640_SP029_000000, SAP_J2EE_ENGINE_640_SP999999_999999, SAP_JAVA_TECH_SERVICES_640_SP029_000000, SAP_JAVA_TECH_SERVICES_640_SP999999_999999, SAP_JAVA_TECH_SERVICES_700_SP023_000015, SAP_JAVA_TECH_SERVICES_700_SP024_000004, SAP_JAVA_TECH_SERVICES_700_SP025_000002, SAP_JAVA_TECH_SERVICES_700_SP026_000000, SAP_JAVA_TECH_SERVICES_700_SP999999_999999, SAP_JAVA_TECH_SERVICES_701_SP009_000005, SAP_JAVA_TECH_SERVICES_701_SP010_000001, SAP_JAVA_TECH_SERVICES_701_SP011_000000, SAP_JAVA_TECH_SERVICES_701_SP999999_999999, SAP_JAVA_TECH_SERVICES_702_SP007_000010, SAP_JAVA_TECH_SERVICES_702_SP008_000002, SAP_JAVA_TECH_SERVICES_702_SP009_000000, SAP_JAVA_TECH_SERVICES_702_SP999999_999999)
Описание
Приложения NetWeaver Admin (system info, DSR, App tracing) содержат уязвимость "Verb Tampering". Таким образом, если доступ к приложению осуществляется при помощи HTTP-запросов, содержащих нестандартные HTTP-методы, то существует возможность разглашения и/или искажения информации.
Как исправить
Необходимо воспользоваться исправлениями из Service Marketplace, соответствующими вашей версии продукта.
Ссылки