Vulnerability Description
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Sap Web Application Server | 6.40 |
References
- http://secunia.com/advisories/22677PatchVendor Advisory
- http://securityreason.com/securityalert/1828
- http://www.securityfocus.com/archive/1/450394/100/0/threaded
- http://www.securityfocus.com/archive/1/459499/100/0/threaded
- http://www.securityfocus.com/bid/20877
- http://www.securitytracker.com/id?1017628
- http://www.vupen.com/english/advisories/2006/4318Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29982
- https://www.exploit-db.com/exploits/3291
- http://secunia.com/advisories/22677PatchVendor Advisory
- http://securityreason.com/securityalert/1828
- http://www.securityfocus.com/archive/1/450394/100/0/threaded
- http://www.securityfocus.com/archive/1/459499/100/0/threaded
- http://www.securityfocus.com/bid/20877
- http://www.securitytracker.com/id?1017628
FAQ
What is CVE-2006-5784?
CVE-2006-5784 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR...
How severe is CVE-2006-5784?
CVE-2006-5784 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5784?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap Web Application Server.