← back
CVE-2021-33670

CVE-2021-33670

CVSS 7.5 HIGHEPSS 3.2%
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
SAP SE · SAP NetWeaver AS for Java (Http Service)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.htmlhttp://seclists.org/fulldisclosure/2022/May/4https://launchpad.support.sap.com/#/notes/3056652https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506