CVE-2006-5784 Information

Description

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \3200+SYSNR\ TCP port as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.

Reference

http://secunia.com/advisories/22677 http://securityreason.com/securityalert/1828 http://www.securityfocus.com/archive/1/450394/100/0/threaded http://www.securityfocus.com/archive/1/459499/100/0/threaded http://www.securityfocus.com/bid/20877 http://www.securitytracker.com/id?1017628 http://www.vupen.com/english/advisories/2006/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/29982 https://www.exploit-db.com/exploits/3291