ID CVE-2005-3634
Summary frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Vulnerable Configurations
  • cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:33)
CWE NVD-CWE-Other
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 15362
bugtraq 20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS
misc http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
sectrack 1015174
secunia 17515
sreason 163
vupen ADV-2005-2361
xf sap-sapexiturl-http-header-injection(23031)
Last major update 11-07-2017 - 01:33
Published 16-11-2005 - 21:22
Last modified 11-07-2017 - 01:33