CVE-2016-3980

Published: Apr 8, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.

Affected (1)

Products: Sap: Application Server Java

Sap

1 product

Application Server Java

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Application Server Java	From 7.2 to 7.4

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://packetstormsecurity.com/files/137591/SAP-NetWeaver-AS-JAVA-7.4-jstart-Denial-Of-Service.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Jun/56

Source: cve@mitre.org

Mailing ListThird Party AdvisoryVDB Entry

https://erpscan.io/advisories/erpscan-16-018-sap-java-jstart-dos/

Source: cve@mitre.org

http://packetstormsecurity.com/files/137591/SAP-NetWeaver-AS-JAVA-7.4-jstart-Denial-Of-Service.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Jun/56

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party AdvisoryVDB Entry

https://erpscan.io/advisories/erpscan-16-018-sap-java-jstart-dos/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.