Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.0
Vendor URL: http://www.sap.com
Vendor response: 09.12.2011
Date of Public Advisory: 30.07.2012
Reference: SAP Security Note 1675605
Author: Dmitry Chastuchin (ERPScan)
Information disclosure in SAP NetWeaver streaming server servlet.
The vulnerability can lead to disclosure of information on the system without authentication and can help an attacker to penetrate the system. An attacker can use the information from the given service for subsequent attacks which will lead to illegal access to the business-critical information.