What is CVE-2014-0995?

CVE-2014-0995 is a vulnerability in Sap Netweaver, classified under Improper Input Validation. Published 2014-11-06.

Is CVE-2014-0995 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Sap Netweaver

CVE-2014-0995

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.326 (97.0th percentile) — read the EPSS interpretation.

Affected products

Sap Netweaver — versions 7.20
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

martingalloar/martingalloar

References

cve@mitre.org (x_refsource_CONFIRM, Broken Link)
60950 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
netweaver-trace-pattern-dos(97610) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
20141016 [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry)
cve@mitre.org (Third Party Advisory, x_refsource_MISC)
20141016 [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2014-0995?: CVE-2014-0995 is a vulnerability in Sap Netweaver, classified under Improper Input Validation. Published 2014-11-06.
Is CVE-2014-0995 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.