CVE-2021-33670
published 2021-07-14CVE-2021-33670: SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap_se | sap_netweaver_as_for_java | < 7.10 | 7.10 |
| sap_se | sap_netweaver_as_for_java | < 7.11 | 7.11 |
| sap_se | sap_netweaver_as_for_java | < 7.20 | 7.20 |
| sap_se | sap_netweaver_as_for_java | < 7.30 | 7.30 |
| sap_se | sap_netweaver_as_for_java | < 7.31 | 7.31 |
| sap_se | sap_netweaver_as_for_java | < 7.40 | 7.40 |
| sap_se | sap_netweaver_as_for_java | < 7.50 | 7.50 |