First published: Wed Jan 20 2016(Updated: )
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP HANA Database |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-1929 is considered a high severity vulnerability due to its potential to enable denial of service attacks.
To fix CVE-2016-1929, it is recommended to apply the relevant SAP security patches as detailed in SAP Security Note 2241978.
CVE-2016-1929 affects systems running SAP HANA, allowing remote attackers to exploit the vulnerability.
CVE-2016-1929 can facilitate log spoofing attacks which may lead to denial of service due to disk consumption and process crashes.
CVE-2016-1929 allows remote attackers to send crafted HTTP requests that can manipulate log entries in SAP HANA's trace files.