ID CVE-2005-3633
Summary HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 15360
bugtraq 20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS
misc http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf
osvdb 20714
sectrack 1015174
secunia 17515
sreason 164
vupen ADV-2005-2361
xf sap-sapexiturl-response-splitting(23030)
Last major update 11-07-2017 - 01:33
Published 16-11-2005 - 21:22
Last modified 11-07-2017 - 01:33