Vulnerabilities > SAP > SAP WEB Application Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-01-12 CVE-2009-4603 Denial Of Service vulnerability in SAP Kernel 'sapstartsrv'
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request.
network
low complexity
sap
5.0
2008-05-23 CVE-2008-2421 Cross-Site Scripting vulnerability in SAP web Application Server and web Dynpro
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
network
sap CWE-79
4.3
2006-11-21 CVE-2006-6011 Denial-Of-Service vulnerability in SAP web Application Server 6.40
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
network
low complexity
sap
5.0
2006-11-21 CVE-2006-6010 Information Disclosure vulnerability in Sap Web Application Server
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
network
low complexity
sap
5.0
2006-11-07 CVE-2006-5785 Remote Denial of Service vulnerability in SAP web Application Server 6.40/7.00
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
network
low complexity
sap
5.0
2006-11-07 CVE-2006-5784 Remote Information Disclosure vulnerability in SAP web Application Server 6.40/7.00
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201.
local
low complexity
sap
4.6
2006-03-07 CVE-2006-1039 Code Injection vulnerability in SAP web Application Server 6.10/6.20/6.40
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
network
low complexity
sap CWE-94
6.4
2005-11-16 CVE-2005-3636 Cross-Site Scripting vulnerability in SAP web Application Server 6.10
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
network
sap
4.3
2005-11-16 CVE-2005-3635 Cross-Site Scripting vulnerability in SAP Web Application Server
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
network
sap
4.3
2005-11-16 CVE-2005-3634 Unspecified vulnerability in SAP web Application Server
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
network
low complexity
sap
5.0