Forum Discussion

Anonymous

Not applicable

5 years ago

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver...

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server JAVA Disclosed (RECON) Researchers disclosed a critical flaw in SAP NetWeaver Application Server that could allow an attacke...

Cyber Exposure Alerts

robert_neal1

Not applicable

5 years ago

I am also wondering if we are getting a false positive report from the plugin scan output

the output is from a scan carried out with the sap workaround in place where the ctc service is closed down

the connection status also indicates it closed wher on a untouched system it reports Connection: Keep-Alive

Nessus was able to exploit the issue using the following request :

GET /CTCWebService/CTCWebServiceBean?wsdl HTTP/1.1

Host: 192.168.1.1

Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1

Accept-Language: en

Connection: Close

Cookie: saplb_*=(J2EE603930820)603930850; PortalAlias=portal

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)

Pragma: no-cache

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

Forum Discussion

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver...

Recent Discussions

Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs

Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs

Mini Shai-Hulud: Frequently asked questions about the TeamPCP supply chain campaign

CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)

Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation

Americas

Europe

Asia / Australia