← back
CVE-2016-3976

CVE-2016-3976

CVSS 7.5 HIGHEPSS 46.6%● KEVCWE-22
Vexday Risk Score
83Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5EPSS 46.6%KEV simPoC públicaNuclei Metasploit Patch
Lifecycle
07 Apr 2016Published on NVD
21 Jun 2016Public PoC
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in SAP NetWeaver AS Java allows attackers to read any file on the server by using special path characters (..\) to escape the intended directory. This is dangerous because sensitive files like configuration and credentials could be exposed.

Technical detail

Directory traversal vulnerability in CrashFileDownloadServlet affecting SAP NetWeaver AS Java 7.1–7.5, exploitable via crafted ..\sequences in the fileName parameter. The vulnerability permits unauthenticated remote file access due to insufficient input validation, leading to confidentiality breach of arbitrary system files.

Summary generated and translated by AI from the official description.
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39996/unverifiedexploitdbwww.exploit-db.com/exploits/39996unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.htmlhttp://seclists.org/fulldisclosure/2016/Jun/40https://erpscan.io/advisories/erpscan-16-012/https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/https://launchpad.support.sap.com/#/notes/2234971https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3976https://www.exploit-db.com/exploits/39996/