Vulnerability Description
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows an attacker to send multiple HTTP requests with different method types, thereby crashing the filter and making the HTTP server unavailable to legitimate users, resulting in a denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Application Server Java | 7.10 |
References
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service (Patch, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2022/May/4 (Mailing List, Patch, Third Party Advisory)
- https://launchpad.support.sap.com/#/notes/3056652 (Permissions Required)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (Vendor Advisory)
FAQ
What is CVE-2021-33670?
CVE-2021-33670 is a vulnerability with a CVSS score of 7.5 (HIGH). SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows an attacker to send multiple HTTP requests with different method types, thereby c...
How severe is CVE-2021-33670?
CVE-2021-33670 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-33670?
Check the references section above for vendor advisories and patch information. Affected products include SAP NetWeaver Application Server Java.