This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This Signature detects SAP MaxDB Malformed Handshake Request exploit.
SAP MaxDB is a database application available for multiple platforms.
MaxDB is prone to an unspecified remote code-execution vulnerability because it fails to sufficiently validate user-supplied input. Specifically, the 'serv.exe' application uses data supplied from a packet as a length when copying data to the stack. By default, 'serv.exe' listens on TCP port 7210.
An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.
Vendor updates are available through SAP note 1409425; please contact the vendor for more information.