Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for internet_communication_manager by sap

    CVE-2021-33683 (GCVE-0-2021-33683)

    Vulnerability from nvd – Published: 2021-07-14 11:04 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.
    CWE
    • CWE-444 - (HTTP Request Smuggling)
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Web Dispatcher and Internet Communication Manager Affected: < KRNL32NUC 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < KRNL32UC 7.21
    Affected: < KRNL64NUC 7.21
    Affected: < 7.49
    Affected: < KRNL64UC 7.21
    Affected: < 7.53
    Affected: < 7.73
    Affected: < WEBDISP 7.53
    Affected: < 7.77
    Affected: < 7.81
    Affected: < 7.82
    Affected: < 7.83
    Affected: < KERNEL 7.21
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3000663"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Web Dispatcher and Internet Communication Manager",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL32UC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.77"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.81"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.82"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.83"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL 7.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 (HTTP Request Smuggling)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-14T11:04:45.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3000663"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2021-33683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Web Dispatcher and Internet Communication Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL32NUC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL32UC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL64NUC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL64UC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "WEBDISP 7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.77"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.81"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.82"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.83"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KERNEL 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.77"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.81"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.82"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.83"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-444 (HTTP Request Smuggling)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3000663",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3000663"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-33683",
        "datePublished": "2021-07-14T11:04:45.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3615 (GCVE-0-2007-3615)

    Vulnerability from nvd – Published: 2007-07-06 19:00 – Updated: 2024-08-07 14:21
    VLAI
    Summary
    Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/472890/100… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/38095 vdb-entryx_refsource_OSVDB
    http://www.ngssoftware.com/advisories/high-risk-v… x_refsource_MISC
    http://secunia.com/advisories/25964 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1018336 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/2450 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/24774 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/2875 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:21:36.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
              },
              {
                "name": "sap-icman-dos(35278)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
              },
              {
                "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
              },
              {
                "name": "38095",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38095"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
              },
              {
                "name": "25964",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25964"
              },
              {
                "name": "1018336",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018336"
              },
              {
                "name": "ADV-2007-2450",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2450"
              },
              {
                "name": "24774",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24774"
              },
              {
                "name": "2875",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070705 Internet Communication Manager Denial Of Service Attack",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
            },
            {
              "name": "sap-icman-dos(35278)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
            },
            {
              "name": "20070705 Internet Communication Manager Denial Of Service Attack",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
            },
            {
              "name": "38095",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38095"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
            },
            {
              "name": "25964",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25964"
            },
            {
              "name": "1018336",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018336"
            },
            {
              "name": "ADV-2007-2450",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2450"
            },
            {
              "name": "24774",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24774"
            },
            {
              "name": "2875",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2875"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3615",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
                },
                {
                  "name": "sap-icman-dos(35278)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
                },
                {
                  "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
                },
                {
                  "name": "38095",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38095"
                },
                {
                  "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/",
                  "refsource": "MISC",
                  "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
                },
                {
                  "name": "25964",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25964"
                },
                {
                  "name": "1018336",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018336"
                },
                {
                  "name": "ADV-2007-2450",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2450"
                },
                {
                  "name": "24774",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24774"
                },
                {
                  "name": "2875",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2875"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3615",
        "datePublished": "2007-07-06T19:00:00.000Z",
        "dateReserved": "2007-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:21:36.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33683 (GCVE-0-2021-33683)

    Vulnerability from cvelistv5 – Published: 2021-07-14 11:04 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.
    CWE
    • CWE-444 - (HTTP Request Smuggling)
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Web Dispatcher and Internet Communication Manager Affected: < KRNL32NUC 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < KRNL32UC 7.21
    Affected: < KRNL64NUC 7.21
    Affected: < 7.49
    Affected: < KRNL64UC 7.21
    Affected: < 7.53
    Affected: < 7.73
    Affected: < WEBDISP 7.53
    Affected: < 7.77
    Affected: < 7.81
    Affected: < 7.82
    Affected: < 7.83
    Affected: < KERNEL 7.21
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3000663"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Web Dispatcher and Internet Communication Manager",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL32UC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.77"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.81"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.82"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.83"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL 7.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 (HTTP Request Smuggling)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-14T11:04:45.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3000663"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2021-33683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Web Dispatcher and Internet Communication Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL32NUC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL32UC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL64NUC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KRNL64UC 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "WEBDISP 7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.77"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.81"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.82"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.83"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "KERNEL 7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.77"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.81"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.82"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.83"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-444 (HTTP Request Smuggling)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3000663",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3000663"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-33683",
        "datePublished": "2021-07-14T11:04:45.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3615 (GCVE-0-2007-3615)

    Vulnerability from cvelistv5 – Published: 2007-07-06 19:00 – Updated: 2024-08-07 14:21
    VLAI
    Summary
    Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/472890/100… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/38095 vdb-entryx_refsource_OSVDB
    http://www.ngssoftware.com/advisories/high-risk-v… x_refsource_MISC
    http://secunia.com/advisories/25964 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1018336 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/2450 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/24774 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/2875 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:21:36.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
              },
              {
                "name": "sap-icman-dos(35278)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
              },
              {
                "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
              },
              {
                "name": "38095",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38095"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
              },
              {
                "name": "25964",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25964"
              },
              {
                "name": "1018336",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018336"
              },
              {
                "name": "ADV-2007-2450",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2450"
              },
              {
                "name": "24774",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24774"
              },
              {
                "name": "2875",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070705 Internet Communication Manager Denial Of Service Attack",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
            },
            {
              "name": "sap-icman-dos(35278)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
            },
            {
              "name": "20070705 Internet Communication Manager Denial Of Service Attack",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
            },
            {
              "name": "38095",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38095"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
            },
            {
              "name": "25964",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25964"
            },
            {
              "name": "1018336",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018336"
            },
            {
              "name": "ADV-2007-2450",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2450"
            },
            {
              "name": "24774",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24774"
            },
            {
              "name": "2875",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2875"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3615",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
                },
                {
                  "name": "sap-icman-dos(35278)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
                },
                {
                  "name": "20070705 Internet Communication Manager Denial Of Service Attack",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
                },
                {
                  "name": "38095",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38095"
                },
                {
                  "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/",
                  "refsource": "MISC",
                  "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
                },
                {
                  "name": "25964",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25964"
                },
                {
                  "name": "1018336",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018336"
                },
                {
                  "name": "ADV-2007-2450",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2450"
                },
                {
                  "name": "24774",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24774"
                },
                {
                  "name": "2875",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2875"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3615",
        "datePublished": "2007-07-06T19:00:00.000Z",
        "dateReserved": "2007-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:21:36.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }