Metasploit mailing list archives
Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 6 Sep 2012 15:19:35 -0500
Hi I was reading metasploit blog and I found this post ( https://community.rapid7.com/community/metasploit/blog/2012/09/06/cve-2012-2611-the-walk-to-the-shell) and it says " This module exploits an unauthenticated buffer overflow, discovered by Martin Gallo, in the DiagTraceR3Info() function where tracing is enabled on SAP NetWeaver." This makes me believe that this vulnerability is not exploited on default configuration of SAP NetWeaver. Someone is able to confirm? Thanks.
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit? Richard Miles (Sep 06)
- Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit? Joshua Smith (Sep 06)
- Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit? Richard Miles (Sep 06)
- Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit? Joshua Smith (Sep 06)