Vulnerabilities > CVE-2005-3633 - Unspecified vulnerability in SAP web Application Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
References
- http://marc.info/?l=bugtraq&m=113156438708932&w=2
- http://secunia.com/advisories/17515/
- http://securityreason.com/securityalert/164
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf
- http://www.osvdb.org/20714
- http://www.securityfocus.com/bid/15360/
- http://www.securitytracker.com/alerts/2005/Nov/1015174.html
- http://www.vupen.com/english/advisories/2005/2361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23030