Vulnerabilities related to sap - sap_web_application_server
cve-2008-2421
Vulnerability from cvelistv5
Published
2008-05-23 15:00
Modified
2024-08-07 08:58
Summary
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/492376/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/29317 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42724 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1020097 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2008/1599/references | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/30334 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:58:02.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded" }, { "name": "29317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29317" }, { "name": "sap-sapbcguisapitswebgui-xss(42724)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724" }, { "name": "1020097", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020097" }, { "name": "ADV-2008-1599", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1599/references" }, { "name": "30334", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30334" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded" }, { "name": "29317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29317" }, { "name": "sap-sapbcguisapitswebgui-xss(42724)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724" }, { "name": "1020097", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020097" }, { "name": "ADV-2008-1599", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1599/references" }, { "name": "30334", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30334" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080521 [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded" }, { "name": "29317", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29317" }, { "name": "sap-sapbcguisapitswebgui-xss(42724)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724" }, { "name": "1020097", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020097" }, { "name": "ADV-2008-1599", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1599/references" }, { "name": "30334", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30334" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2421", "datePublished": "2008-05-23T15:00:00", "dateReserved": "2008-05-23T00:00:00", "dateUpdated": "2024-08-07T08:58:02.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4603
Vulnerability from cvelistv5
Published
2010-01-12 17:00
Modified
2024-09-16 22:56
Summary
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1023319 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/37684 | third-party-advisory, x_refsource_SECUNIA | |
http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf | x_refsource_MISC | |
https://service.sap.com/sap/support/notes/1302231 | x_refsource_MISC | |
http://www.securityfocus.com/bid/37286 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:08:37.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1023319", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023319" }, { "name": "37684", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37684" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://service.sap.com/sap/support/notes/1302231" }, { "name": "37286", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37286" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-01-12T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1023319", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023319" }, { "name": "37684", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37684" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://service.sap.com/sap/support/notes/1302231" }, { "name": "37286", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37286" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1023319", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023319" }, { "name": "37684", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37684" }, { "name": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "name": "https://service.sap.com/sap/support/notes/1302231", "refsource": "MISC", "url": "https://service.sap.com/sap/support/notes/1302231" }, { "name": "37286", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37286" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4603", "datePublished": "2010-01-12T17:00:00Z", "dateReserved": "2010-01-12T00:00:00Z", "dateUpdated": "2024-09-16T22:56:36.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3635
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-08-07 23:17
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
References
▼ | URL | Tags |
---|---|---|
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf | x_refsource_MISC | |
http://www.osvdb.org/20717 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/162 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23027 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/15361 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/17515/ | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/alerts/2005/Nov/1015174.html | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2005/2361 | vdb-entry, x_refsource_VUPEN | |
http://www.osvdb.org/20716 | vdb-entry, x_refsource_OSVDB | |
http://marc.info/?l=bugtraq&m=113156601505542&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "20717", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20717" }, { "name": "162", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/162" }, { "name": "sap-fameset-systempublic-xss(23027)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027" }, { "name": "15361", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15361" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "20716", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20716" }, { "name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP 
Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "20717", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20717" }, { "name": "162", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/162" }, { "name": "sap-fameset-systempublic-xss(23027)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027" }, { "name": "15361", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15361" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "20716", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20716" }, { "name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3635", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "20717", "refsource": "OSVDB", "url": "http://www.osvdb.org/20717" }, { "name": "162", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/162" }, { "name": "sap-fameset-systempublic-xss(23027)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027" }, { "name": "15361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15361" }, { "name": "17515", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "20716", "refsource": "OSVDB", "url": "http://www.osvdb.org/20716" }, { "name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", 
"cveId": "CVE-2005-3635", "datePublished": "2005-11-16T21:17:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6011
Vulnerability from cvelistv5
Published
2006-11-21 23:00
Modified
2024-08-07 20:12
Summary
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
References
▼ | URL | Tags |
---|---|---|
http://securityreason.com/securityalert/1889 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/archive/1/451378/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:12:31.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1889", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1889" }, { "name": "20061112 Old SAP exploits", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1889", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1889" }, { "name": "20061112 Old SAP exploits", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1889", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1889" }, { "name": "20061112 Old SAP exploits", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6011", "datePublished": "2006-11-21T23:00:00", "dateReserved": "2006-11-21T00:00:00", "dateUpdated": "2024-08-07T20:12:31.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3615
Vulnerability from cvelistv5
Published
2007-07-06 19:00
Modified
2024-08-07 14:21
Summary
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html | mailing-list, x_refsource_FULLDISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35278 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/472890/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://osvdb.org/38095 | vdb-entry, x_refsource_OSVDB | |
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/ | x_refsource_MISC | |
http://secunia.com/advisories/25964 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1018336 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2007/2450 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/24774 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/2875 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "name": "sap-icman-dos(35278)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "name": "38095", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38095" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "name": "25964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25964" }, { "name": "1018336", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018336" }, { "name": "ADV-2007-2450", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "name": "24774", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24774" }, { "name": "2875", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2875" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-05T00:00:00", 
"descriptions": [ { "lang": "en", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "name": "sap-icman-dos(35278)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "name": "38095", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38095" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "name": "25964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25964" }, { "name": "1018336", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018336" }, { "name": "ADV-2007-2450", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "name": "24774", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24774" }, { "name": "2875", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], 
"url": "http://securityreason.com/securityalert/2875" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3615", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "name": "sap-icman-dos(35278)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "name": "20070705 Internet Communication Manager Denial Of Service Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "name": "38095", "refsource": "OSVDB", "url": "http://osvdb.org/38095" }, { "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/", "refsource": "MISC", "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "name": "25964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25964" }, { "name": "1018336", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018336" }, { "name": "ADV-2007-2450", "refsource": 
"VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "name": "24774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24774" }, { "name": "2875", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2875" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3615", "datePublished": "2007-07-06T19:00:00", "dateReserved": "2007-07-06T00:00:00", "dateUpdated": "2024-08-07T14:21:36.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5785
Vulnerability from cvelistv5
Published
2006-11-07 23:00
Modified
2024-08-07 20:04
Summary
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
References
▼ | URL | Tags |
---|---|---|
http://securityreason.com/securityalert/1828 | third-party-advisory, x_refsource_SREASON | |
http://www.vupen.com/english/advisories/2006/4318 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/archive/1/459499/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/450394/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/20873 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/29981 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/22677 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1017628 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1828", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1828" }, { "name": "ADV-2006-4318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "name": "20873", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20873" }, { "name": "sap-enserver-dos(29981)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981" }, { "name": "22677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22677" }, { "name": "1017628", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017628" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1828", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1828" }, { "name": "ADV-2006-4318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "name": "20873", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20873" }, { "name": "sap-enserver-dos(29981)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981" }, { "name": "22677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22677" }, { "name": "1017628", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017628" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 
7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1828", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1828" }, { "name": "ADV-2006-4318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "name": "20873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20873" }, { "name": "sap-enserver-dos(29981)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981" }, { "name": "22677", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22677" }, { "name": "1017628", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017628" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5785", "datePublished": "2006-11-07T23:00:00", "dateReserved": "2006-11-07T00:00:00", "dateUpdated": "2024-08-07T20:04:55.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5784
Vulnerability from cvelistv5
Published
2006-11-07 23:00
Modified
2024-08-07 20:04
Summary
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/29982 | vdb-entry, x_refsource_XF | |
http://securityreason.com/securityalert/1828 | third-party-advisory, x_refsource_SREASON | |
http://www.vupen.com/english/advisories/2006/4318 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/20877 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/459499/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/450394/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://www.exploit-db.com/exploits/3291 | exploit, x_refsource_EXPLOIT-DB | |
http://secunia.com/advisories/22677 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1017628 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "sap-pipe-privilege-escalation(29982)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982" }, { "name": "1828", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1828" }, { "name": "ADV-2006-4318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "name": "20877", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20877" }, { "name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "name": "3291", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3291" }, { "name": "22677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22677" }, { "name": "1017628", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017628" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in enserver.exe in SAP Web Application Server 
6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \"3200+SYSNR\" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "sap-pipe-privilege-escalation(29982)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982" }, { "name": "1828", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1828" }, { "name": "ADV-2006-4318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "name": "20877", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20877" }, { "name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "name": "3291", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3291" }, { "name": "22677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22677" }, { "name": "1017628", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017628" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5784", "STATE": "PUBLIC" }, 
"affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \"3200+SYSNR\" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "sap-pipe-privilege-escalation(29982)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982" }, { "name": "1828", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1828" }, { "name": "ADV-2006-4318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "name": "20877", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20877" }, { "name": "20070208 Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technicaldetails)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "name": "20061102 Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "name": "3291", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3291" }, { "name": "22677", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22677" }, { "name": "1017628", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017628" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5784", "datePublished": "2006-11-07T23:00:00", "dateReserved": "2006-11-07T00:00:00", "dateUpdated": "2024-08-07T20:04:55.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3633
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-08-07 23:17
Summary
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=113156438708932&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23030 | vdb-entry, x_refsource_XF | |
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf | x_refsource_MISC | |
http://securityreason.com/securityalert/164 | third-party-advisory, x_refsource_SREASON | |
http://www.osvdb.org/20714 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/17515/ | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/alerts/2005/Nov/1015174.html | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2005/2361 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/15360/ | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2" }, { "name": "sap-sapexiturl-response-splitting(23030)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf" }, { "name": "164", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/164" }, { "name": "20714", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20714" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "15360", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15360/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary 
HTML headers via the sap-exiturl parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2" }, { "name": "sap-sapexiturl-response-splitting(23030)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf" }, { "name": "164", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/164" }, { "name": "20714", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20714" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "15360", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15360/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3633", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2" }, { "name": "sap-sapexiturl-response-splitting(23030)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030" }, { "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf" }, { "name": "164", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/164" }, { "name": "20714", "refsource": "OSVDB", "url": "http://www.osvdb.org/20714" }, { "name": "17515", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "15360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15360/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3633", "datePublished": "2005-11-16T21:17:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6010
Vulnerability from cvelistv5
Published
2006-11-21 23:00
Modified
2024-08-07 20:12
Summary
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
References
URL | Tags | |
---|---|---|
http://securityreason.com/securityalert/1889 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/39997 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/451378/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:12:31.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1889", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1889" }, { "name": "netweaver-rfcsysteminfo-info-disclosure(39997)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997" }, { "name": "20061112 Old SAP exploits", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1889", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1889" }, { "name": "netweaver-rfcsysteminfo-info-disclosure(39997)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997" }, { "name": "20061112 Old SAP exploits", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6010", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1889", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1889" }, { "name": "netweaver-rfcsysteminfo-info-disclosure(39997)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997" }, { "name": "20061112 Old SAP exploits", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6010", "datePublished": "2006-11-21T23:00:00", "dateReserved": "2006-11-21T00:00:00", "dateUpdated": "2024-08-07T20:12:31.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3636
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-08-07 23:17
Summary
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
References
URL | Tags | |
---|---|---|
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf | x_refsource_MISC | |
http://securityreason.com/securityalert/162 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/15361 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23029 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/20715 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/17515/ | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/alerts/2005/Nov/1015174.html | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2005/2361 | vdb-entry, x_refsource_VUPEN | |
http://marc.info/?l=bugtraq&m=113156601505542&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "162", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/162" }, { "name": "15361", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15361" }, { "name": "sap-error-message-script-injection(23029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029" }, { "name": "20715", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20715" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "162", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/162" }, { "name": "15361", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15361" }, { "name": "sap-error-message-script-injection(23029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029" }, { "name": "20715", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20715" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3636", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in SAP Web 
Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "162", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/162" }, { "name": "15361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15361" }, { "name": "sap-error-message-script-injection(23029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029" }, { "name": "20715", "refsource": "OSVDB", "url": "http://www.osvdb.org/20715" }, { "name": "17515", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3636", "datePublished": "2005-11-16T21:17:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1039
Vulnerability from cvelistv5
Published
2006-03-07 11:00
Modified
2024-08-07 16:56
Summary
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1015702 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25003 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/19085 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/18006 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/426449/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2006/0810 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1015702", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015702" }, { "name": "sap-was-url-obtain-information(25003)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" }, { "name": "19085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19085" }, { "name": "18006", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18006" }, { "name": "20060301 SAP Web Application Server http request url parsing vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded" }, { "name": "ADV-2006-0810", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0810" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1015702", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015702" }, { "name": "sap-was-url-obtain-information(25003)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" }, { "name": "19085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19085" }, { "name": "18006", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18006" }, { "name": "20060301 SAP Web Application Server http request url parsing vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded" }, { "name": "ADV-2006-0810", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0810" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1015702", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015702" }, { "name": "sap-was-url-obtain-information(25003)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" }, { "name": "19085", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19085" }, { "name": "18006", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18006" }, { "name": "20060301 SAP Web Application Server http request url parsing vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded" }, { "name": "ADV-2006-0810", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0810" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1039", "datePublished": "2006-03-07T11:00:00", "dateReserved": "2006-03-07T00:00:00", "dateUpdated": "2024-08-07T16:56:15.448Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3634
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-08-07 23:17
Summary
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
References
URL | Tags | |
---|---|---|
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23031 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/15362 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/163 | third-party-advisory, x_refsource_SREASON | |
http://marc.info/?l=bugtraq&m=113156525006667&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/17515/ | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/alerts/2005/Nov/1015174.html | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2005/2361 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "sap-sapexiturl-http-header-injection(23031)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031" }, { "name": "15362", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15362" }, { "name": "163", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/163" }, { "name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2361" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "sap-sapexiturl-http-header-injection(23031)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031" }, { "name": "15362", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15362" }, { "name": "163", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/163" }, { "name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2" }, { "name": "17515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2361" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3634", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to 
arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "name": "sap-sapexiturl-http-header-injection(23031)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031" }, { "name": "15362", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15362" }, { "name": "163", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/163" }, { "name": "20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2" }, { "name": "17515", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17515/" }, { "name": "1015174", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "name": "ADV-2005-2361", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2361" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3634", "datePublished": "2005-11-16T21:17:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2008-05-23 15:32
Modified
2024-11-21 00:46
Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_web_application_server | 7.0 | |
sap | web_dynpro | abap | |
sap | web_dynpro | bsp |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F89AF4D-B15A-4D91-B6A4-0A206772BC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dynpro:abap:*:*:*:*:*:*:*", "matchCriteriaId": "0F6B7DE6-A9B0-482F-8A58-6294584C8AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:web_dynpro:bsp:*:*:*:*:*:*:*", "matchCriteriaId": "5DF6DFD4-74EC-4A0E-8ED0-F92A13CBFC4B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en Web GUI en SAP Web Aplication Server (WAS) 7.0, Web Dynpro para ABAP (tambi\u00e9n conocido como WD4A o WDA), y Web Dynpro para BSP permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de PATH_INFO a la URI por defecto bajo bc/gui/sap/its/webgui/." 
} ], "id": "CVE-2008-2421", "lastModified": "2024-11-21T00:46:51.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-05-23T15:32:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30334" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29317" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020097" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1599/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492376/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1599/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42724" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-16 21:22
Modified
2024-11-21 00:02
Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_web_application_server | 6.10 | |
sap | sap_web_application_server | 6.20 | |
sap | sap_web_application_server | 6.40 | |
sap | sap_web_application_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*", "matchCriteriaId": "A68E0969-971D-4D97-97EE-F901B05885DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F89AF4D-B15A-4D91-B6A4-0A206772BC69", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de scripting en en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 a 7.00 permiten a atacantes remotos inyectar scritp web arbitrario o HTML mediante (1) sap-syscmd y (2) el campo BspApplication en la aplicaci\u00f3n de prueba SYSTEM PUBLIC." 
} ], "id": "CVE-2005-3635", "lastModified": "2024-11-21T00:02:18.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-16T21:22:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/162" }, { "source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20716" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20717" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15361" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-06 19:30
Modified
2024-11-21 00:33
Severity
HIGH (CVSS v2.0 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C)
Summary
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | all_windows | * | |
sap | internet_communication_manager | * | |
sap | sap_web_application_server | 6.10 | |
sap | sap_web_application_server | 6.20 | |
sap | sap_web_application_server | 6.40 | |
sap | sap_web_application_server | 7.0 | |
sap | sap_web_application_server | 7.0.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:internet_communication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "651B211A-A926-40F2-A477-2107CD0FC78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*", "matchCriteriaId": "A68E0969-971D-4D97-97EE-F901B05885DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F89AF4D-B15A-4D91-B6A4-0A206772BC69", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E194A2-DFBF-444F-99D0-A038A4C7EC6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." 
}, { "lang": "es", "value": "El Internet Communication Manager (tambi\u00e9n conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente s\u00f3lo bajo Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso) a trav\u00e9s de un URI de cierta longitud que contenga el par\u00e1metro sap-isc-key, relacionado con la configuraci\u00f3n del cach\u00e9 de la web." } ], "id": "CVE-2007-3615", "lastModified": "2024-11-21T00:33:39.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-06T19:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/38095" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25964" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2875" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24774" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018336" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2007/2450" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-12 17:30
Modified
2024-11-21 01:10
Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 6.40 | |
sap | sap_kernel | 7.00 | |
sap | sap_kernel | 7.01 | |
sap | sap_kernel | 7.10 | |
sap | sap_kernel | 7.11 | |
sap | sap_kernel | 7.20 | |
sap | sap_netweaver | 7.0 | |
sap | sap_web_application_server | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "548D937D-FF7F-4B5B-98A2-50F5FBA7875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.00:*:*:*:*:*:*:*", "matchCriteriaId": "DA732B51-EF58-41D1-A012-195847AE9CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.01:*:*:*:*:*:*:*", "matchCriteriaId": "78E8D3B9-CAF2-47FD-93C7-CCF6554BBA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "9B8965F9-F10A-4F6A-830C-7D5D4596AA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "B09614D3-0B53-48FC-9E1F-05384AEFBE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "633CC2AD-4B48-4473-A818-93E40DCBEFBE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_netweaver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "813CC383-4123-45B0-A58A-78A8DC71FFE7", "vulnerable": false }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC17AFFF-324D-40F5-9305-1A049E16B7A3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information." 
}, { "lang": "es", "value": "vulnerabilidad inespec\u00edfica en sapstartsrv.exe en el kernel SAP v6.40, v7.00, v7.01, v7.10, v7.11, y v7.20, tal y como se utiliza en SAP NetWeaver v7.x y SAP Web Application Server v6.x y v7.x, permite a atacantes remotos producir una denegaci\u00f3n de servicio (apagado de la consola de administraci\u00f3n) a trav\u00e9s de una petici\u00f3n manipulada." } ], "id": "CVE-2009-4603", "lastModified": "2024-11-21T01:10:01.607", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-01-12T17:30:01.197", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37684" }, { "source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37286" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1023319" }, { "source": "cve@mitre.org", "url": "https://service.sap.com/sap/support/notes/1302231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id?1023319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://service.sap.com/sap/support/notes/1302231" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-07 23:07
Modified
2024-11-21 00:20
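Severity
MEDIUM (CVSS v2.0 base score 4.6, vector AV:L/AC:L/Au:N/C:P/I:P/A:P); the vector rates local access, although the summary also describes a remote file read.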
Summary
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_web_application_server | 6.40 | |
sap | sap_web_application_server | 7.00 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.00:*:*:*:*:*:*:*", "matchCriteriaId": "AE532C69-96F8-40C4-A56E-78A7D5EEDFA4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a \"3200+SYSNR\" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user." }, { "lang": "es", "value": "Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante vectores no especificados. NOTA: este asunto puede ser aprovechado por usuarios locales para acceder a una tuber\u00eda con nombre como usuario SAPServiceJ2E." 
} ], "id": "CVE-2006-5784", "lastModified": "2024-11-21T00:20:32.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-07T23:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22677" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1828" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20877" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017628" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3291" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-07 23:07
Modified
2024-11-21 00:20
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sap | sap_web_application_server | 6.40 |
| sap | sap_web_application_server | 7.00 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.00:*:*:*:*:*:*:*", "matchCriteriaId": "AE532C69-96F8-40C4-A56E-78A7D5EEDFA4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999." }, { "lang": "es", "value": "Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda enserver.exe) mediante vectores no especificados." } ], "id": "CVE-2006-5785", "lastModified": "2024-11-21T00:20:32.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-07T23:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22677" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1828" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20873" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017628" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450394/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459499/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29981" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-16 21:22
Modified
2024-11-21 00:02
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sap | sap_web_application_server | 6.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 permite a atacantes remotos inyectar script web arbitrario o HTML mediante Error Pages." } ], "id": "CVE-2005-3636", "lastModified": "2024-11-21T00:02:18.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-16T21:22:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/162" }, { "source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20715" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15361" }, { 
"source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113156601505542\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-21 23:07
Modified
2024-11-21 00:21
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sap | sap_web_application_server | 6.40 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785." }, { "lang": "es", "value": "Vulnerabilidad no especificada en SAP Web Application Server anterior a 6.40 patch 6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cierre de enserver.exe) mediante un determinado paquete UDP enviado al puerto 64999, tambi\u00e9n conocido como \"ca\u00edda UDP de dos bytes\"(o \"two bytes UDP crash\"), una vulnerabilidad distinta de CVE-2006-5785." } ], "evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nSAP, SAP Web Application Server, 6.40 patch 6", "id": "CVE-2006-6011", "lastModified": "2024-11-21T00:21:25.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-21T23:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1889" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/451378/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-16 21:22
Modified
2024-11-21 00:02
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sap | sap_web_application_server | 6.10 |
| sap | sap_web_application_server | 6.20 |
| sap | sap_web_application_server | 6.40 |
| sap | sap_web_application_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*", "matchCriteriaId": "A68E0969-971D-4D97-97EE-F901B05885DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F89AF4D-B15A-4D91-B6A4-0A206772BC69", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter." }, { "lang": "es", "value": "Vulnerabilidad de separaci\u00f3n de respuesta HTTP en frameset.htm de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos inyectar cabeceras HTML de su elecci\u00f3n mediante el par\u00e1metro sap-exiturl." 
} ], "id": "CVE-2005-3633", "lastModified": "2024-11-21T00:02:18.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-16T21:22:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/164" }, { "source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20714" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15360/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113156438708932\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/164" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15360/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-07 11:02
Modified
2024-11-21 00:07
Severity: MEDIUM (CVSS v2.0 base score 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sap | sap_web_application_server | 6.10 |
| sap | sap_web_application_server | 6.20 |
| sap | sap_web_application_server | 6.40 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*", "matchCriteriaId": "A68E0969-971D-4D97-97EE-F901B05885DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers." } ], "id": "CVE-2006-1039", "lastModified": "2024-11-21T00:07:56.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-07T11:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19085" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015702" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18006" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0810" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-21 23:07
Modified
2024-11-21 00:21
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sap | sap_web_application_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D069A2BF-3737-46D1-8695-0FFC8D72D928", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747." }, { "lang": "es", "value": "SAP permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible tal como la versi\u00f3n de sistema operativo y SAP, mediante una petici\u00f3n RFC_SYSTEM_INFO RfcCallReceive, una vulnerabilidad distinta de CVE-2003-0747." } ], "id": "CVE-2006-6010", "lastModified": "2024-11-21T00:21:25.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-21T23:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1889" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/451378/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39997" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-16 21:22
Modified
2024-11-21 00:02
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sap | sap_web_application_server | 6.10 |
| sap | sap_web_application_server | 6.20 |
| sap | sap_web_application_server | 6.40 |
| sap | sap_web_application_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "FE5FAC41-5C2B-4653-A757-ADBFD37E716E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*", "matchCriteriaId": "A68E0969-971D-4D97-97EE-F901B05885DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "B41DF7D3-9EF1-4F5B-870E-5D1FDF095509", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F89AF4D-B15A-4D91-B6A4-0A206772BC69", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter." }, { "lang": "es", "value": "frameset.htm en soporte de tiempo de ejecuci\u00f3n BSP de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos cerrar la sesi\u00f3n de otros usuarios y redirigirlos a sitios web arbitrarios mediante un comando de cierre en el par\u00e1metro sap-sessioncmd y una URL en el par\u00e1metro sap-exiturl." 
} ], "id": "CVE-2005-3634", "lastModified": "2024-11-21T00:02:18.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-16T21:22:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/163" }, { "source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15362" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113156525006667\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17515/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }