Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1687910-3)
SAP Support Packages
(SAP_KERNEL_640_32_BIT_SP413_000413, SAP_KERNEL_640_32_BIT_SP999999_999999, SAP_KERNEL_640_32_BIT_UNICODE_SP413_000413, SAP_KERNEL_640_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_640_64_BIT_SP413_000413, SAP_KERNEL_640_64_BIT_SP999999_999999, SAP_KERNEL_640_64_BIT_UNICODE_SP413_000413, SAP_KERNEL_640_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_640_EX2_32_BIT_SP413_000413, SAP_KERNEL_640_EX2_32_BIT_SP999999_999999, SAP_KERNEL_640_EX2_32_BIT_UC_SP413_000413, SAP_KERNEL_640_EX2_32_BIT_UC_SP999999_999999, SAP_KERNEL_640_EX2_64_BIT_SP413_000413, SAP_KERNEL_640_EX2_64_BIT_SP999999_999999, SAP_KERNEL_640_EX2_64_BIT_UC_SP413_000413, SAP_KERNEL_640_EX2_64_BIT_UC_SP999999_999999, SAP_KERNEL_720_32_BIT_SP317_000317, SAP_KERNEL_720_32_BIT_SP999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_SP317_000317, SAP_KERNEL_720_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_64_BIT_SP317_000317, SAP_KERNEL_720_64_BIT_SP999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_SP317_000317, SAP_KERNEL_720_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_32_BIT_SP027_000027, SAP_KERNEL_721_32_BIT_SP999999_999999, SAP_KERNEL_721_32_BIT_UNICODE_SP027_000027, SAP_KERNEL_721_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_64_BIT_SP027_000027, SAP_KERNEL_721_64_BIT_SP999999_999999, SAP_KERNEL_721_64_BIT_UNICODE_SP027_000027, SAP_KERNEL_721_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_SP027_000027, SAP_KERNEL_721_EXT_32_BIT_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_UC_SP027_000027, SAP_KERNEL_721_EXT_32_BIT_UC_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_SP027_000027, SAP_KERNEL_721_EXT_64_BIT_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_UC_SP027_000027, SAP_KERNEL_721_EXT_64_BIT_UC_SP999999_999999)
Описание
The problem is caused by a resource exhaustion condition. An attackercan launch a specifically crafted request that causes the process to consume excessive resources. As a result, no other processes can allocate new resources, rendering the system unavailable. This condition can be intentionally provoked by an attacker to cause a denial of service.
Как исправить
Please apply the patch level of the SAP kernel (disp+work) mentioned in this note at least.For the installation of the downward compatible kernel (DCK) release 7.20 see SAP note 1636252 for details.
Ссылки