[ERPSCAN-14-021] SAP NetWeaver Management Console (gSOAP) – Partial HTTP POST requests DoS

Application: SAP
Versions Affected: SAP NetWeaver 7.02/7.3, probably others
Vendor URL:
Bugs: Denial of Service
Exploits: YES
Reported: 25.09.2012
Vendor response: 26.09.2012
Date of Public Advisory: 17.10.2014
Reference: SAP Security Note 1986725
Author: Igor Ilyin, Alexey Tyurin (ERPScan)

A remote attacker can conduct a denial of service attack against SAP NetWeaver Management Console and HostControl (gSOAP), or affect its control flow, without authorization.

Business Risk
An attacker can exploit a denial of service vulnerability to terminate the process of the vulnerable component. As a result, nobody can use the service, which negatively affects business processes. System downtime also harms business reputation.

