CVE-2016-3976

Published: Apr 7, 2016

Modified: Oct 21, 2025

PUBLISHED

Description

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/

x_refsource_MISC

20160618 [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.html

x_refsource_MISC

https://erpscan.io/advisories/erpscan-16-012/

x_refsource_MISC

39996

exploit

x_refsource_EXPLOIT-DB

https://launchpad.support.sap.com/#/notes/2234971

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-3976

Description

Affected Products

References