CVE-2016-3976

CVE-2016-3976

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.

Summary:

Reference Links(if available):

http://seclists.org/fulldisclosure/2016/Jun/40

http://packetstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.html

https://www.exploit-db.com/exploits/39996/

https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/

https://erpscan.io/advisories/erpscan-16-012/

CVSS Score (if available)

v2: / MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N

v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Links to Exploits(if available)

https://github.com/offensive-security/exploitdb/blob/master/exploits/java/webapps/39996.txt

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

Microsoft Addresses Four Critical Zero-Days in November Patch Tuesday Updates

AI Threat Worsening in 2025: Insights from Google Cloud

Lazarus Group’s Code Smuggling Technique Exploits Extended Attributes in macOS

Ethical Hacker or Not? Amazon MOVEit Leaker’s Controversial Claims

Hive0145 Targets Europe with Sophisticated Strela Stealer Campaigns

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

Microsoft Addresses Four Critical Zero-Days in November Patch Tuesday Updates

AI Threat Worsening in 2025: Insights from Google Cloud

Lazarus Group’s Code Smuggling Technique Exploits Extended Attributes in macOS

Ethical Hacker or Not? Amazon MOVEit Leaker’s Controversial Claims

Hive0145 Targets Europe with Sophisticated Strela Stealer Campaigns