SAP Knowledge Base Article - Preview

3476549 - Directory Traversal vulnerability is detected in SAP NetWeaver AS Java for path /scheduler/ui/js/ffffffffbca41eb4/...

Symptom

A Directory Traversal vulnerability is detected in an SAP NetWeaver AS Java system for specific URLs starting with http(s)://<host>:<port>/scheduler/ui/js/ffffffffbca41eb4/..., even though the system version is already higher than the patch level in SAP Note 2486657 - Directory Traversal vulnerability in SAP NetWeaver AS Java Web Container.

For example:

http(s)://<host>:<port>/scheduler/ui/js/ffffffffbca41eb4/root.js
http(s)://<host>:<port>/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/../WEB-INF


Environment

SAP NetWeaver Application Server Java

Keywords

CVE-2017-12637, Local File Inclusion, LFI, Path Traversal, backtracking, ffffffffbca41eb4, Redwood, CPS, scheduler, KBA, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, XX-PART-REDWOOD-BPA, SAP Business Process Automation by Redwood, XX-PART-REDWOOD-CPS, SAP Central Process Scheduling by Redwood, Problem
