PatchSiren cyber security CVE debrief
CVE-2017-5997 SAP CVE debrief
CVE-2017-5997 describes a remotely reachable denial-of-service condition in the SAP Message Server HTTP daemon. According to the CVE/NVD record, repeated requests to msgserver/group?group? with a crafted group parameter size can drive memory consumption and crash the process. The CVE description associates the issue with SAP Kernel releases 7.21-7.49; the impact is loss of availability rather than loss of confidentiality or integrity.
- Vendor: SAP
- Product: CVE-2017-5997
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-15
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-15
- Advisory updated: 2026-05-13
Who should care
SAP Basis and platform teams, application owners running SAP Kernel, operations teams responsible for internet- or intranet-exposed SAP Message Server HTTP endpoints, and defenders monitoring for service availability risks.
Technical summary
The official CVE record and NVD entry describe a network-reachable DoS in the SAP Message Server HTTP daemon. NVD classifies the weakness as CWE-772 and gives CVSS v3.0 7.5/High with AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The reported trigger is multiple msgserver/group?group? requests with a crafted group-parameter size, resulting in memory consumption and process crash.
Defensive priority
High for environments exposing the SAP Message Server HTTP daemon. The impact is availability loss, so systems supporting critical business processes should be checked promptly and patched according to SAP Security Note 2358972 or the vendor remediation path referenced by SAP.
Recommended defensive actions
- Identify SAP Kernel instances running affected releases and confirm whether the Message Server HTTP daemon is reachable from untrusted networks.
- Apply the SAP fix or security note referenced in the CVE description (SAP Security Note 2358972) as soon as change windows allow.
- Restrict network access to SAP Message Server HTTP services to trusted administration or application networks only.
- Monitor for repeated requests to msgserver/group?group? and for abnormal memory growth or process crashes on affected hosts.
- Validate that compensating controls such as segmentation, firewall rules, and service exposure limits are in place while remediation is planned.
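The monitoring action above (repeated requests to the msgserver/group endpoint, oversized group parameter) can be turned into a simple log-based detection. The following is an added example written for this debrief, not code from PatchSiren, SAP, or ERPScan. It assumes the Message Server HTTP daemon's requests are available in a combined-log-style access log, that the endpoint path is /msgserver/group, and that the burst and length thresholds (hypothetical values) are tuned to your own baseline; the sample log lines are constructed, not real traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Hypothetical thresholds; tune them to the normal request rate of your landscape.
BURST_WINDOW_SECONDS = 60
BURST_THRESHOLD = 20          # endpoint hits per client within one window
MAX_GROUP_LENGTH = 64         # logon-group names are short identifiers
MSGSERVER_GROUP_PATH = "/msgserver/group"   # assumed path of the affected endpoint

# Combined-log-style access line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None when the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    params = parse_qs(url.query, keep_blank_values=True)
    return {
        "client": m.group("client"),
        "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
        "path": url.path,
        "group": params.get("group", [""])[0],
    }


def analyze(lines, window=BURST_WINDOW_SECONDS, threshold=BURST_THRESHOLD,
            max_group_len=MAX_GROUP_LENGTH):
    """Return findings for oversized group parameters and per-client request bursts.

    Lines are expected in chronological order per client (the usual log order).
    """
    findings = []
    recent = defaultdict(deque)   # client -> timestamps of recent endpoint hits
    flagged_burst = set()         # report each bursting client once
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != MSGSERVER_GROUP_PATH:
            continue
        if len(rec["group"]) > max_group_len:
            findings.append({"kind": "oversized_group", "client": rec["client"],
                             "length": len(rec["group"])})
        q = recent[rec["client"]]
        q.append(rec["ts"])
        # Slide the window: drop hits older than `window` seconds.
        while (rec["ts"] - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= threshold and rec["client"] not in flagged_burst:
            flagged_burst.add(rec["client"])
            findings.append({"kind": "burst", "client": rec["client"], "count": len(q)})
    return findings


def _line(client, second, group):
    """Build one constructed access-log line for the sample below."""
    return (f'{client} - - [15/Feb/2017:10:00:{second:02d} +0000] '
            f'"GET /msgserver/group?group={group} HTTP/1.1" 200 312')


# Constructed sample log: one normal lookup, one oversized parameter,
# 25 hits from one client in 25 seconds, and one unrelated request.
SAMPLE_LOG = [
    _line("10.0.0.5", 0, "PUBLIC"),
    _line("10.0.0.7", 1, "A" * 300),
    *[_line("10.0.0.9", s, "SPACE") for s in range(25)],
    '10.0.0.5 - - [15/Feb/2017:10:00:30 +0000] "GET /sap/public/ping HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Both signals are reported separately on purpose: a single oversized parameter is worth a look even without a burst, and a burst of well-formed requests may be a misconfigured client rather than the condition described here, so each finding should be correlated with memory growth or a crash on the host before escalation.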
Evidence notes
This debrief is based on the official CVE/NVD record for CVE-2017-5997 and the referenced ERPScan advisory linked from the NVD entry. The supplied record indicates affected SAP Kernel CPEs including 7.21, 7.22, and 7.42, while the CVE description supplied here states the broader 7.21-7.49 range. NVD classifies the issue as CWE-772 and CVSS v3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No KEV listing was provided in the supplied data.
Official resources
- CVE-2017-5997 CVE record (CVE.org)
- CVE-2017-5997 NVD detail (NVD)
- Source reference: Publicly disclosed in the CVE record on 2017-02-15. The NVD record was later modified on 2026-05-13; that modification date is not the vulnerability date.