NVD

Id
16531  
Name
CVE-2010-5326  
Description
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-18  
Published
2016-05-13  
Modified Date
2016-11-28  
Seq
2010-5326  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
92566 16531 CVE-2010-5326 http://service.sap.com/sap/support/notes/1445998  View
92567 16531 CVE-2010-5326 http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions  View
92568 16531 CVE-2010-5326 48925  View
92569 16531 CVE-2010-5326 90533  View
92570 16531 CVE-2010-5326 TA16-132A  View
92571 16531 CVE-2010-5326 https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1964 JVNDB-2016-002737 SAP NetWeaver Application Server Java プラットフォーム上で稼動する Invoker Servlet における任意のコードを実行される脆弱性 SAP NetWeaver Application Server Java プラットフォーム上で稼動する Invoker Servlet は、認証を要求しないため、任意のコードを実行される脆弱性が存在します。 CVE-2010-5326 47906 CVE-2010-5326 16531 10 10 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002737.html 2016-05-11 2016-05-20 View