LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page US-CERT: Alert (TA16-132A) Exploitation of SAP Business Applications
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-11-2016, 11:17 AM   #1
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065
US-CERT: Alert (TA16-132A) Exploitation of SAP Business Applications

Systems Affected

Outdated or misconfigured SAP systems

Overview

At least 36 organizations worldwide are affected by an SAP vulnerability [1] (link is external). Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications.

The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms). The Invoker Servlet contains a vulnerability that was patched by SAP in 2010. However, the vulnerability continues to affect outdated and misconfigured SAP systems.

Description

SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks.

The Invoker Servlet vulnerability affects business applications running on SAP Java platforms.

See the entire Notice (with additional description, impact and and solutions at https://www.us-cert.gov/ncas/alerts/TA16-132A

Hope this helps some.
 
Old 05-11-2016, 12:11 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
I wonder if Oracle E-Business folks asked the government to issue an alert for an issue their competitor fixed 6 years ago.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Alert (TA16-105A) Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced tronayne Linux - Security 4 04-18-2016 07:42 AM
Alert (TA16-091A) Ransomware and Recent Variants tronayne Linux - Security 1 04-04-2016 12:21 AM
[SOLVED] US-CERT Alert TA13-088A: DNS Amplification Attacks tronayne Slackware 11 08-16-2013 11:20 AM
[SOLVED] US-CERT Alert TA13-088A: DNS Amplification Attacks tronayne Linux - Security 0 03-31-2013 03:45 PM
LXer: Red Hat and SAP Bring SAP Applications to Virtual Servers LXer Syndicated Linux News 0 07-21-2007 12:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:24 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration