CVE-2007-3615 - OpenCVE

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	All Windows
Sap	Internet Communication Manager Sap Web Application Server

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:sap:internet_communication_manager::::::::
	cpe:2.3:a:sap:sap_web_application_server:6.10:::::::*
	cpe:2.3:a:sap:sap_web_application_server:6.20:::::::*
	cpe:2.3:a:sap:sap_web_application_server:6.40:::::::*
	cpe:2.3:a:sap:sap_web_application_server:7.0:::::::*
	cpe:2.3:a:sap:sap_web_application_server:7.0.10:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html
http://osvdb.org/38095
http://secunia.com/advisories/25964
http://securityreason.com/securityalert/2875
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/
http://www.securityfocus.com/archive/1/472890/100/0/threaded
http://www.securityfocus.com/bid/24774
http://www.securitytracker.com/id?1018336
http://www.vupen.com/english/advisories/2007/2450
https://exchange.xforce.ibmcloud.com/vulnerabilities/35278

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-06T19:00:00

Updated: 2024-08-07T14:21:36.422Z

Reserved: 2007-07-06T00:00:00

Link: CVE-2007-3615

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-06T19:30:00.000

Modified: 2018-10-15T21:29:27.893

Link: CVE-2007-3615

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-05T00:00:00", "descriptions": [{"lang": "en", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"}, {"name": "sap-icman-dos(35278)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"}, {"name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"}, {"name": "38095", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38095"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"}, {"name": "25964", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25964"}, {"name": "1018336", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018336"}, {"name": "ADV-2007-2450", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2450"}, {"name": "24774", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24774"}, {"name": "2875", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2875"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3615", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070705 Internet Communication Manager Denial Of Service Attack", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"}, {"name": "sap-icman-dos(35278)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"}, {"name": "20070705 Internet Communication Manager Denial Of Service Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"}, {"name": "38095", "refsource": "OSVDB", "url": "http://osvdb.org/38095"}, {"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/", "refsource": "MISC", "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"}, {"name": "25964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25964"}, {"name": "1018336", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018336"}, {"name": "ADV-2007-2450", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2450"}, {"name": "24774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24774"}, {"name": "2875", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2875"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:21:36.422Z"}, "title": "CVE Program Container", "references": [{"name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"}, {"name": "sap-icman-dos(35278)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"}, {"name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"}, {"name": "38095", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38095"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"}, {"name": "25964", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25964"}, {"name": "1018336", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018336"}, {"name": "ADV-2007-2450", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2450"}, {"name": "24774", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24774"}, {"name": "2875", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2875"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3615", "datePublished": "2007-07-06T19:00:00", "dateReserved": "2007-07-06T00:00:00", "dateUpdated": "2024-08-07T14:21:36.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sap:internet_communication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "651B211A-A926-40F2-A477-2107CD0FC78B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*", "matchCriteriaId": "A68E0969-971D-4D97-97EE-F901B05885DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F89AF4D-B15A-4D91-B6A4-0A206772BC69", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E194A2-DFBF-444F-99D0-A038A4C7EC6A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."}, {"lang": "es", "value": "El Internet Communication Manager (tambi\u00e9n conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente s\u00f3lo bajo Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso) a trav\u00e9s de un URI de cierta longitud que contenga el par\u00e1metro sap-isc-key, relacionado con la configuraci\u00f3n del cach\u00e9 de la web."}], "id": "CVE-2007-3615", "lastModified": "2018-10-15T21:29:27.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-06T19:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38095"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25964"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2875"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24774"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018336"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2450"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}