CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3624

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile9.98th
PublishedJul 9, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.

Affected Platforms (CPE)

πŸ“¦
Sap

Sap Message Server

All versions

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=118365794615827&w=2
πŸ”— http://osvdb.org/38096
πŸ”— http://secunia.com/advisories/25966
πŸ”— http://securitytracker.com/id?1018340
πŸ”— http://www.kb.cert.org/vuls/id/305657
πŸ”— http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-message-server-heap-overflow/
πŸ”— http://www.securityfocus.com/bid/24765
πŸ”— http://www.vupen.com/english/advisories/2007/2451

Related Vulnerabilities

CVE-2013-15929.8

A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially craft...

CVE-2021-381628.9

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL...

CVE-2026-236878.8

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid ...

CVE-2019-04047.5

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Inform...