var-200603-0168
Vulnerability from variot
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Some unspecified input passed in the URL isn't properly sanitised before being returned to the user. This can be exploited to manipulate the HTTP response sent to the user and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability has been reported in version 7.00 and prior.
SOLUTION: The vendor has released fixes for the vulnerability. See SAP Note 908147 and 915084 for details.
PROVIDED AND/OR DISCOVERED BY: Arnold Grossmann
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200603-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web application server",
"scope": "eq",
"trust": 1.9,
"vendor": "sap",
"version": "6.40"
},
{
"model": "web application server",
"scope": "eq",
"trust": 1.9,
"vendor": "sap",
"version": "6.20"
},
{
"model": "web application server",
"scope": "eq",
"trust": 1.9,
"vendor": "sap",
"version": "6.10"
},
{
"model": "web application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "18006"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arnold Grossmann",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-1039",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-1039",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200603-101",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers. SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. \nA remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. \n\nSome unspecified input passed in the URL isn\u0027t properly sanitised\nbefore being returned to the user. This can be exploited to\nmanipulate the HTTP response sent to the user and may allow execution\nof arbitrary HTML and script code in a user\u0027s browser session in\ncontext of an affected site. \n\nThe vulnerability has been reported in version 7.00 and prior. \n\nSOLUTION:\nThe vendor has released fixes for the vulnerability. See SAP Note\n908147 and 915084 for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nArnold Grossmann\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-1039",
"trust": 1.9
},
{
"db": "BID",
"id": "18006",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "19085",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015702",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-0810",
"trust": 1.6
},
{
"db": "BUGTRAQ",
"id": "20060301 SAP WEB APPLICATION SERVER HTTP REQUEST URL PARSING VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "25003",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "44344",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"id": "VAR-200603-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.50441176
},
"last_update_date": "2024-11-23T22:47:05.897000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/18006"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1015702"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/19085"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/0810"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25003"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426449/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0810"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
},
{
"trust": 0.3,
"url": "/archive/1/434148"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6087/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19085/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3327/"
}
],
"sources": [
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-09T00:00:00",
"db": "BID",
"id": "18006"
},
{
"date": "2006-03-04T01:29:24",
"db": "PACKETSTORM",
"id": "44344"
},
{
"date": "2006-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-101"
},
{
"date": "2006-03-07T11:02:00",
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-17T20:29:00",
"db": "BID",
"id": "18006"
},
{
"date": "2007-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-101"
},
{
"date": "2024-11-21T00:07:56.043000",
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Website application server URI Input validation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.