Metasploit mailing list archives

Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit?

From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 6 Sep 2012 15:19:35 -0500

Hi

I was reading metasploit blog and I found this post (
https://community.rapid7.com/community/metasploit/blog/2012/09/06/cve-2012-2611-the-walk-to-the-shell)
and it says " This module exploits an unauthenticated buffer overflow,
discovered by Martin Gallo, in the DiagTraceR3Info() function where tracing
is enabled on SAP NetWeaver." This makes me believe that this vulnerability
is not exploited on default configuration of SAP NetWeaver. Someone is able
to confirm?

Thanks.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit? Richard Miles (Sep 06)
- Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit? Joshua Smith (Sep 06)
  - Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit? Richard Miles (Sep 06)