CVE-2016-3976
CVE-2016-3976
In short
A flaw in SAP NetWeaver AS Java allows attackers to read any file on the server by using special path characters (..\) to escape the intended directory. This is dangerous because sensitive files like configuration and credentials could be exposed.
Technical detail
Directory traversal vulnerability in CrashFileDownloadServlet affecting SAP NetWeaver AS Java 7.1–7.5, exploitable via crafted ..\sequences in the fileName parameter. The vulnerability permits unauthenticated remote file access due to insufficient input validation, leading to confidentiality breach of arbitrary system files.
Summary generated and translated by AI from the official description.
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39996/unverifiedexploitdbwww.exploit-db.com/exploits/39996unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.htmlhttp://seclists.org/fulldisclosure/2016/Jun/40https://erpscan.io/advisories/erpscan-16-012/https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/https://launchpad.support.sap.com/#/notes/2234971https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3976https://www.exploit-db.com/exploits/39996/