SAP Knowledge Base Article - Preview

2347633 - Server information disclosure when connecting to Java server with Telnet via http(s) port

Symptom

Try to access the Java server with Telnet via an incorrect port such as http or https port. Example:

>Telnet localhost 50000

As the port is wrong for Telnet access the connection pends. Kill the connection by pressing enter several times (Windows OS) or ctrl z (Linux terminal). A HTTP/1.0 400 Bad Request will be returned with some server information such as server and ICM versions and system host name.

telnet_server_disclosure.png


Read more...

Environment

SAP NetWeaver Release Independent

Product

SAP NetWeaver all versions

Keywords

400 bad http request, security risk, breach, threat, telnet , KBA , BC-JAS-SEC , Security, User Management , BC-JAS-COR , Enterprise Runtime, Core J2EE Framework , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.