SAP NetWeaver Vulnerabilities (Mar 1, 2013)


SAP NetWeaver is an application platform that enables composition, provisioning, and management of SAP and non-SAP applications across a heterogeneous software environment. SAP NetWeaver deploys several services to handle incoming requests. One of these services, the Message Server, is used for communication between SAP systems and RFC clients.

Two vulnerabilities in the SAP NetWeaver Message Server (msg_server.exe) were reported. The vulnerabilities are due to insufficient validation of incoming messages. A remote attacker could exploit these vulnerabilities by sending crafted requests to msg_server.exe. Successful exploitation allows the attacker to execute arbitrary code in the context of the Message Server.

The vulnerabilities have been assigned CVE-2013-1592 and CVE-2013-1593.

Dell SonicWALL has released two IPS signatures to detect and block specific exploitation attempts targeting these vulnerabilities. The signatures are listed below:

  • 9667 SAP NetWeaver msg_server Memory Corruption
  • 9683 SAP NetWeaver msg_server Buffer Overflow