Symptom
A directory traversal vulnerability is detected in an SAP NetWeaver AS Java system for specific URLs starting with http(s)://<host>:<port>/scheduler/ui/js/ffffffffbca41eb4/..., even though the system version is already higher than the patch level in note 2486657 - Directory Traversal vulnerability in SAP NetWeaver AS Java Web Container.
For example:
http(s)://<host>:<port>/scheduler/ui/js/ffffffffbca41eb4/root.js
http(s)://<host>:<port>/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/../WEB-INF
Environment
SAP NetWeaver Application Server Java
Keywords
CVE-2017-12637, Local File Inclusion, LFI, Path Traversal, backtracking, ffffffffbca41eb4, Redwood, CPS, scheduler, KBA, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, XX-PART-REDWOOD-BPA, SAP Business Process Automation by Redwood, XX-PART-REDWOOD-CPS, SAP Central Process Scheduling by Redwood, Problem
About this page
This is a preview of a SAP Knowledge Base Article.