Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-3634
Last Modified: 07 Mar 2011 09:26:51
Published: 16 Nov 2005 04:22:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-3634

Summary

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

Vulnerable Systems

Application

  • SAP Web Application Server 6.10

  • SAP Web Application Server 6.20

  • SAP Web Application Server 6.40

  • SAP Web Application Server 7.0


References

VUPEN - ADV-2005-2361

SECTRACK - 1015174

BID - 15362

SECUNIA - 17515

BUGTRAQ - 20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS

XF - sap-sapexiturl-http-header-injection(23031)

MISC - http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf

SREASON - 163


Last Updated: 27 May 2016 10:40:59