CVEs-PoC/2017/CVE-2017-12637.md

### [CVE-2017-12637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12637)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Ostorlab/KEV
- https://github.com/abrewer251/CVE-2017-12637_SAP-NetWeaver-URL-Traversal
- https://github.com/gnarkill78/CSA_S2_2024
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/packetinside/CISA_BOT
- https://github.com/sobinge/nuclei-templates
- https://github.com/ums91/CISA_BOT