cbcvebase.
CVE-2007-3624
published 2007-07-09

CVE-2007-3624: Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group…

PriorityP263critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
36.59%
98.3th percentile
Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.

Detection & IOCsextracted from sources · hover to see the quote

url/msgserver/html/group
port8100
commandGET /msgserver/html/group?group=**498 bytes** HTTP/1.0
  • Detect exploitation attempts by monitoring HTTP GET requests to /msgserver/html/group with an abnormally long 'group' query parameter (PoC uses ~498 bytes), targeting SAP Message Server port 8100.
  • Alert on any HTTP request to the SAP Message Server path /msgserver/html/group from external/untrusted sources, as this endpoint is the attack vector for the heap overflow.
  • Successful exploitation results in code execution with SYSTEM-level privileges; monitor SAP Message Server process for unexpected child processes or privilege escalation events.
  • Failed exploitation attempts may manifest as denial-of-service / application crashes of the SAP Message Server; monitor for unexpected service restarts.
  • ·The SAP Message Server HTTP interface listens on port 8100 by default; restricting external access to this port is critical to reducing attack surface.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.