Search criteria
22 vulnerabilities found for sap_web_application_server by sap
CVE-2008-2421 (GCVE-0-2008-2421)
Vulnerability from nvd – Published: 2008-05-23 15:00 – Updated: 2024-08-07 08:58
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded"
},
{
"name": "29317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29317"
},
{
"name": "sap-sapbcguisapitswebgui-xss(42724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724"
},
{
"name": "1020097",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020097"
},
{
"name": "ADV-2008-1599",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1599/references"
},
{
"name": "30334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded"
},
{
"name": "29317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29317"
},
{
"name": "sap-sapbcguisapitswebgui-xss(42724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724"
},
{
"name": "1020097",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020097"
},
{
"name": "ADV-2008-1599",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1599/references"
},
{
"name": "30334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded"
},
{
"name": "29317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29317"
},
{
"name": "sap-sapbcguisapitswebgui-xss(42724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724"
},
{
"name": "1020097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020097"
},
{
"name": "ADV-2008-1599",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1599/references"
},
{
"name": "30334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2421",
"datePublished": "2008-05-23T15:00:00",
"dateReserved": "2008-05-23T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3615 (GCVE-0-2007-3615)
Vulnerability from nvd – Published: 2007-07-06 19:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name": "sap-icman-dos(35278)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
},
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name": "38095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38095"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name": "25964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25964"
},
{
"name": "1018336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018336"
},
{
"name": "ADV-2007-2450",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name": "24774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24774"
},
{
"name": "2875",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name": "sap-icman-dos(35278)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
},
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name": "38095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38095"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name": "25964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25964"
},
{
"name": "1018336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018336"
},
{
"name": "ADV-2007-2450",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name": "24774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24774"
},
{
"name": "2875",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2875"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name": "sap-icman-dos(35278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
},
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name": "38095",
"refsource": "OSVDB",
"url": "http://osvdb.org/38095"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name": "25964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25964"
},
{
"name": "1018336",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018336"
},
{
"name": "ADV-2007-2450",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name": "24774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24774"
},
{
"name": "2875",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2875"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3615",
"datePublished": "2007-07-06T19:00:00",
"dateReserved": "2007-07-06T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6011 (GCVE-0-2006-6011)
Vulnerability from nvd – Published: 2006-11-21 23:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1889",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "20061112 Old SAP exploits",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6011",
"datePublished": "2006-11-21T23:00:00",
"dateReserved": "2006-11-21T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6010 (GCVE-0-2006-6010)
Vulnerability from nvd – Published: 2006-11-21 23:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "netweaver-rfcsysteminfo-info-disclosure(39997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "netweaver-rfcsysteminfo-info-disclosure(39997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1889",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "netweaver-rfcsysteminfo-info-disclosure(39997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997"
},
{
"name": "20061112 Old SAP exploits",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6010",
"datePublished": "2006-11-21T23:00:00",
"dateReserved": "2006-11-21T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5785 (GCVE-0-2006-5785)
Vulnerability from nvd – Published: 2006-11-07 23:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "20873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20873"
},
{
"name": "sap-enserver-dos(29981)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "20873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20873"
},
{
"name": "sap-enserver-dos(29981)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1828",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "20873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20873"
},
{
"name": "sap-enserver-dos(29981)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981"
},
{
"name": "22677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5785",
"datePublished": "2006-11-07T23:00:00",
"dateReserved": "2006-11-07T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5784 (GCVE-0-2006-5784)
Vulnerability from nvd – Published: 2006-11-07 23:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sap-pipe-privilege-escalation(29982)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982"
},
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20877"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "3291",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3291"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \"3200+SYSNR\" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sap-pipe-privilege-escalation(29982)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982"
},
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20877"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "3291",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3291"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \"3200+SYSNR\" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-pipe-privilege-escalation(29982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982"
},
{
"name": "1828",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20877"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "3291",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3291"
},
{
"name": "22677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5784",
"datePublished": "2006-11-07T23:00:00",
"dateReserved": "2006-11-07T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1039 (GCVE-0-2006-1039)
Vulnerability from nvd – Published: 2006-03-07 11:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015702"
},
{
"name": "sap-was-url-obtain-information(25003)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"name": "19085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19085"
},
{
"name": "18006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18006"
},
{
"name": "20060301 SAP Web Application Server http request url parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"name": "ADV-2006-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015702"
},
{
"name": "sap-was-url-obtain-information(25003)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"name": "19085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19085"
},
{
"name": "18006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18006"
},
{
"name": "20060301 SAP Web Application Server http request url parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"name": "ADV-2006-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015702",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015702"
},
{
"name": "sap-was-url-obtain-information(25003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"name": "19085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19085"
},
{
"name": "18006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18006"
},
{
"name": "20060301 SAP Web Application Server http request url parsing vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"name": "ADV-2006-0810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1039",
"datePublished": "2006-03-07T11:00:00",
"dateReserved": "2006-03-07T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3634 (GCVE-0-2005-3634)
Vulnerability from nvd – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "sap-sapexiturl-http-header-injection(23031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031"
},
{
"name": "15362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15362"
},
{
"name": "163",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/163"
},
{
"name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "sap-sapexiturl-http-header-injection(23031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031"
},
{
"name": "15362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15362"
},
{
"name": "163",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/163"
},
{
"name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "sap-sapexiturl-http-header-injection(23031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031"
},
{
"name": "15362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15362"
},
{
"name": "163",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/163"
},
{
"name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3634",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3636 (GCVE-0-2005-3636)
Vulnerability from nvd – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "sap-error-message-script-injection(23029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029"
},
{
"name": "20715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20715"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "sap-error-message-script-injection(23029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029"
},
{
"name": "20715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20715"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "162",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "15361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "sap-error-message-script-injection(23029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029"
},
{
"name": "20715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20715"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3636",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3635 (GCVE-0-2005-3635)
Vulnerability from nvd – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "20717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20717"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "sap-fameset-systempublic-xss(23027)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20716",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20716"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "20717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20717"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "sap-fameset-systempublic-xss(23027)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20716",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20716"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "20717",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20717"
},
{
"name": "162",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "sap-fameset-systempublic-xss(23027)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027"
},
{
"name": "15361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20716",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20716"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3635",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3633 (GCVE-0-2005-3633)
Vulnerability from nvd – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2"
},
{
"name": "sap-sapexiturl-response-splitting(23030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf"
},
{
"name": "164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/164"
},
{
"name": "20714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20714"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "15360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15360/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2"
},
{
"name": "sap-sapexiturl-response-splitting(23030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf"
},
{
"name": "164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/164"
},
{
"name": "20714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20714"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "15360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15360/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2"
},
{
"name": "sap-sapexiturl-response-splitting(23030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf"
},
{
"name": "164",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/164"
},
{
"name": "20714",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20714"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "15360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15360/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3633",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2421 (GCVE-0-2008-2421)
Vulnerability from cvelistv5 – Published: 2008-05-23 15:00 – Updated: 2024-08-07 08:58
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded"
},
{
"name": "29317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29317"
},
{
"name": "sap-sapbcguisapitswebgui-xss(42724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724"
},
{
"name": "1020097",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020097"
},
{
"name": "ADV-2008-1599",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1599/references"
},
{
"name": "30334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded"
},
{
"name": "29317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29317"
},
{
"name": "sap-sapbcguisapitswebgui-xss(42724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724"
},
{
"name": "1020097",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020097"
},
{
"name": "ADV-2008-1599",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1599/references"
},
{
"name": "30334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded"
},
{
"name": "29317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29317"
},
{
"name": "sap-sapbcguisapitswebgui-xss(42724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724"
},
{
"name": "1020097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020097"
},
{
"name": "ADV-2008-1599",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1599/references"
},
{
"name": "30334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2421",
"datePublished": "2008-05-23T15:00:00",
"dateReserved": "2008-05-23T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3615 (GCVE-0-2007-3615)
Vulnerability from cvelistv5 – Published: 2007-07-06 19:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name": "sap-icman-dos(35278)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
},
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name": "38095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38095"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name": "25964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25964"
},
{
"name": "1018336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018336"
},
{
"name": "ADV-2007-2450",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name": "24774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24774"
},
{
"name": "2875",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name": "sap-icman-dos(35278)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
},
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name": "38095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38095"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name": "25964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25964"
},
{
"name": "1018336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018336"
},
{
"name": "ADV-2007-2450",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name": "24774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24774"
},
{
"name": "2875",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2875"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html"
},
{
"name": "sap-icman-dos(35278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278"
},
{
"name": "20070705 Internet Communication Manager Denial Of Service Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded"
},
{
"name": "38095",
"refsource": "OSVDB",
"url": "http://osvdb.org/38095"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/"
},
{
"name": "25964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25964"
},
{
"name": "1018336",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018336"
},
{
"name": "ADV-2007-2450",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2450"
},
{
"name": "24774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24774"
},
{
"name": "2875",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2875"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3615",
"datePublished": "2007-07-06T19:00:00",
"dateReserved": "2007-07-06T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6011 (GCVE-0-2006-6011)
Vulnerability from cvelistv5 – Published: 2006-11-21 23:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1889",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "20061112 Old SAP exploits",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6011",
"datePublished": "2006-11-21T23:00:00",
"dateReserved": "2006-11-21T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6010 (GCVE-0-2006-6010)
Vulnerability from cvelistv5 – Published: 2006-11-21 23:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "netweaver-rfcsysteminfo-info-disclosure(39997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1889",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "netweaver-rfcsysteminfo-info-disclosure(39997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997"
},
{
"name": "20061112 Old SAP exploits",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1889",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1889"
},
{
"name": "netweaver-rfcsysteminfo-info-disclosure(39997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997"
},
{
"name": "20061112 Old SAP exploits",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6010",
"datePublished": "2006-11-21T23:00:00",
"dateReserved": "2006-11-21T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5785 (GCVE-0-2006-5785)
Vulnerability from cvelistv5 – Published: 2006-11-07 23:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "20873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20873"
},
{
"name": "sap-enserver-dos(29981)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "20873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20873"
},
{
"name": "sap-enserver-dos(29981)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1828",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "20873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20873"
},
{
"name": "sap-enserver-dos(29981)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981"
},
{
"name": "22677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5785",
"datePublished": "2006-11-07T23:00:00",
"dateReserved": "2006-11-07T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5784 (GCVE-0-2006-5784)
Vulnerability from cvelistv5 – Published: 2006-11-07 23:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sap-pipe-privilege-escalation(29982)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982"
},
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20877"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "3291",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3291"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \"3200+SYSNR\" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sap-pipe-privilege-escalation(29982)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982"
},
{
"name": "1828",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20877"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "3291",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3291"
},
{
"name": "22677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \"3200+SYSNR\" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-pipe-privilege-escalation(29982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982"
},
{
"name": "1828",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1828"
},
{
"name": "ADV-2006-4318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4318"
},
{
"name": "20877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20877"
},
{
"name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded"
},
{
"name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded"
},
{
"name": "3291",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3291"
},
{
"name": "22677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22677"
},
{
"name": "1017628",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5784",
"datePublished": "2006-11-07T23:00:00",
"dateReserved": "2006-11-07T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1039 (GCVE-0-2006-1039)
Vulnerability from cvelistv5 – Published: 2006-03-07 11:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015702"
},
{
"name": "sap-was-url-obtain-information(25003)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"name": "19085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19085"
},
{
"name": "18006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18006"
},
{
"name": "20060301 SAP Web Application Server http request url parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"name": "ADV-2006-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015702"
},
{
"name": "sap-was-url-obtain-information(25003)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"name": "19085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19085"
},
{
"name": "18006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18006"
},
{
"name": "20060301 SAP Web Application Server http request url parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"name": "ADV-2006-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015702",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015702"
},
{
"name": "sap-was-url-obtain-information(25003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"name": "19085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19085"
},
{
"name": "18006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18006"
},
{
"name": "20060301 SAP Web Application Server http request url parsing vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"name": "ADV-2006-0810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1039",
"datePublished": "2006-03-07T11:00:00",
"dateReserved": "2006-03-07T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3634 (GCVE-0-2005-3634)
Vulnerability from cvelistv5 – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "sap-sapexiturl-http-header-injection(23031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031"
},
{
"name": "15362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15362"
},
{
"name": "163",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/163"
},
{
"name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "sap-sapexiturl-http-header-injection(23031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031"
},
{
"name": "15362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15362"
},
{
"name": "163",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/163"
},
{
"name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "sap-sapexiturl-http-header-injection(23031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031"
},
{
"name": "15362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15362"
},
{
"name": "163",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/163"
},
{
"name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3634",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3636 (GCVE-0-2005-3636)
Vulnerability from cvelistv5 – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "sap-error-message-script-injection(23029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029"
},
{
"name": "20715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20715"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "sap-error-message-script-injection(23029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029"
},
{
"name": "20715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20715"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "162",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "15361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "sap-error-message-script-injection(23029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029"
},
{
"name": "20715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20715"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3636",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3635 (GCVE-0-2005-3635)
Vulnerability from cvelistv5 – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "20717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20717"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "sap-fameset-systempublic-xss(23027)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20716",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20716"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "20717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20717"
},
{
"name": "162",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "sap-fameset-systempublic-xss(23027)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027"
},
{
"name": "15361",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20716",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20716"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf"
},
{
"name": "20717",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20717"
},
{
"name": "162",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/162"
},
{
"name": "sap-fameset-systempublic-xss(23027)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027"
},
{
"name": "15361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15361"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "20716",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20716"
},
{
"name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3635",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3633 (GCVE-0-2005-3633)
Vulnerability from cvelistv5 – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI?
Summary
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2"
},
{
"name": "sap-sapexiturl-response-splitting(23030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf"
},
{
"name": "164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/164"
},
{
"name": "20714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20714"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "15360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15360/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2"
},
{
"name": "sap-sapexiturl-response-splitting(23030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf"
},
{
"name": "164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/164"
},
{
"name": "20714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20714"
},
{
"name": "17515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "15360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15360/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2"
},
{
"name": "sap-sapexiturl-response-splitting(23030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf"
},
{
"name": "164",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/164"
},
{
"name": "20714",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20714"
},
{
"name": "17515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17515/"
},
{
"name": "1015174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html"
},
{
"name": "ADV-2005-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2361"
},
{
"name": "15360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15360/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3633",
"datePublished": "2005-11-16T21:17:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}