CVE-2017-5997

Published: Feb 15, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.

Affected (3)

Products: Sap: Sap Kernel

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sap Sap Kernel	Version 7.21
Sap Sap Kernel	Version 7.22
Sap Sap Kernel	Version 7.42

Related CWEs

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (2)

https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.