• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1753378 - Directory traversal in Web Container

Главная Специалистам База уязвимостей Note 1753378 - Directory traversal in Web Container

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:P/I:N/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1753378-2) SAP Support Packages (J2EE_ENGINE_SERVERCORE_710_SP012_000027, J2EE_ENGINE_SERVERCORE_710_SP013_000018, J2EE_ENGINE_SERVERCORE_710_SP014_000021, J2EE_ENGINE_SERVERCORE_710_SP015_000003, J2EE_ENGINE_SERVERCORE_710_SP016_000000, J2EE_ENGINE_SERVERCORE_710_SP999999_999999, J2EE_ENGINE_SERVERCORE_711_SP007_000028, J2EE_ENGINE_SERVERCORE_711_SP008_000024, J2EE_ENGINE_SERVERCORE_711_SP009_000024, J2EE_ENGINE_SERVERCORE_711_SP010_000006, J2EE_ENGINE_SERVERCORE_711_SP011_000000, J2EE_ENGINE_SERVERCORE_711_SP999999_999999, J2EE_ENGINE_SERVERCORE_720_SP005_000042, J2EE_ENGINE_SERVERCORE_720_SP006_000032, J2EE_ENGINE_SERVERCORE_720_SP007_000027, J2EE_ENGINE_SERVERCORE_720_SP008_000005, J2EE_ENGINE_SERVERCORE_720_SP009_000000, J2EE_ENGINE_SERVERCORE_720_SP999999_999999, J2EE_ENGINE_SERVERCORE_730_SP002_000031, J2EE_ENGINE_SERVERCORE_730_SP003_000033, J2EE_ENGINE_SERVERCORE_730_SP004_000029, J2EE_ENGINE_SERVERCORE_730_SP005_000042, J2EE_ENGINE_SERVERCORE_730_SP007_000029, J2EE_ENGINE_SERVERCORE_730_SP008_000001, J2EE_ENGINE_SERVERCORE_730_SP009_000000, J2EE_ENGINE_SERVERCORE_730_SP999999_999999, J2EE_ENGINE_SERVERCORE_731_SP002_000026, J2EE_ENGINE_SERVERCORE_731_SP003_000022, J2EE_ENGINE_SERVERCORE_731_SP004_000014, J2EE_ENGINE_SERVERCORE_731_SP005_000001, J2EE_ENGINE_SERVERCORE_731_SP006_000000, J2EE_ENGINE_SERVERCORE_731_SP999999_999999, SAP_J2EE_ENGINE_640_SP026_000032, SAP_J2EE_ENGINE_640_SP027_000028, SAP_J2EE_ENGINE_640_SP028_000017, SAP_J2EE_ENGINE_640_SP029_000011, SAP_J2EE_ENGINE_640_SP030_000003, SAP_J2EE_ENGINE_640_SP031_000000, SAP_J2EE_ENGINE_640_SP999999_999999, SAP_J2EE_ENGINE_CORE_640_SP031_000000, SAP_J2EE_ENGINE_CORE_640_SP999999_999999, SAP_J2EE_ENGINE_CORE_700_SP024_000019, SAP_J2EE_ENGINE_CORE_700_SP025_000017, SAP_J2EE_ENGINE_CORE_700_SP026_000015, SAP_J2EE_ENGINE_CORE_700_SP027_000004, SAP_J2EE_ENGINE_CORE_700_SP028_000000, SAP_J2EE_ENGINE_CORE_700_SP999999_999999, SAP_J2EE_ENGINE_CORE_701_SP009_000021, SAP_J2EE_ENGINE_CORE_701_SP010_000020, SAP_J2EE_ENGINE_CORE_701_SP011_000016, SAP_J2EE_ENGINE_CORE_701_SP012_000005, SAP_J2EE_ENGINE_CORE_701_SP013_000000, SAP_J2EE_ENGINE_CORE_701_SP999999_999999, SAP_J2EE_ENGINE_CORE_702_SP007_000024, SAP_J2EE_ENGINE_CORE_702_SP008_000023, SAP_J2EE_ENGINE_CORE_702_SP009_000023, SAP_J2EE_ENGINE_CORE_702_SP010_000019, SAP_J2EE_ENGINE_CORE_702_SP011_000022, SAP_J2EE_ENGINE_CORE_702_SP012_000005, SAP_J2EE_ENGINE_CORE_702_SP013_000000, SAP_J2EE_ENGINE_CORE_702_SP999999_999999)
Описание
The programs specified in the correction instructions contain vulnerabilities through which an attacker can potentially read arbitrary  files under one specific directory on the remote server, possibly disclosing confidential information.
Как исправить
Update your AS Java to a fixed version and SP. For more details see "SP Patch Level" section of this note.
Ссылки