Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2006-1039
Last Modified: 08 Aug 2011 12:00:00
Published: 07 Mar 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1039

Summary

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.

Vulnerable Systems

Application

  • SAP Web Application Server 6.10

  • SAP Web Application Server 6.20

  • SAP Web Application Server 6.40


References

XF - sap-was-url-obtain-information(25003)

VUPEN - ADV-2006-0810

BID - 18006

BUGTRAQ - 20060301 SAP Web Application Server http request url parsing vulnerability

SECTRACK - 1015702

SECUNIA - 19085


Last Updated: 27 May 2016 10:41:54