CVE-2005-3634 - Unspecified vulnerability in SAP Web Application Server
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
References
- http://marc.info/?l=bugtraq&m=113156525006667&w=2
- http://secunia.com/advisories/17515/
- http://securityreason.com/securityalert/163
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
- http://www.securityfocus.com/bid/15362
- http://www.securitytracker.com/alerts/2005/Nov/1015174.html
- http://www.vupen.com/english/advisories/2005/2361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23031