CVE-2014-0995

Published: Nov 6, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Affected (2)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	Up to 7.01
Sap Netweaver	Version 7.20

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2014/Oct/76

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://secunia.com/advisories/60950

Source: cve@mitre.org

Third Party Advisory

http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/archive/1/533719/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/97610

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://twitter.com/SAP_Gsupport/status/522750365780160513

Source: cve@mitre.org

Broken Link

http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/