VAR-200603-0168
Vulnerability from variot - Updated: 2023-12-18 12:13SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Some unspecified input passed in the URL isn't properly sanitised before being returned to the user. This can be exploited to manipulate the HTTP response sent to the user and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability has been reported in version 7.00 and prior.
SOLUTION: The vendor has released fixes for the vulnerability. See SAP Note 908147 and 915084 for details.
PROVIDED AND/OR DISCOVERED BY: Arnold Grossmann
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200603-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web application server",
"scope": "eq",
"trust": 1.9,
"vendor": "sap",
"version": "6.40"
},
{
"model": "web application server",
"scope": "eq",
"trust": 1.9,
"vendor": "sap",
"version": "6.20"
},
{
"model": "web application server",
"scope": "eq",
"trust": 1.9,
"vendor": "sap",
"version": "6.10"
},
{
"model": "web application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "18006"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arnold Grossmann",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-1039",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200603-101",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers. SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. \nA remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. \n\nSome unspecified input passed in the URL isn\u0027t properly sanitised\nbefore being returned to the user. This can be exploited to\nmanipulate the HTTP response sent to the user and may allow execution\nof arbitrary HTML and script code in a user\u0027s browser session in\ncontext of an affected site. \n\nThe vulnerability has been reported in version 7.00 and prior. \n\nSOLUTION:\nThe vendor has released fixes for the vulnerability. See SAP Note\n908147 and 915084 for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nArnold Grossmann\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-1039",
"trust": 1.9
},
{
"db": "BID",
"id": "18006",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "19085",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0810",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1015702",
"trust": 1.6
},
{
"db": "BUGTRAQ",
"id": "20060301 SAP WEB APPLICATION SERVER HTTP REQUEST URL PARSING VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "25003",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "44344",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
]
},
"id": "VAR-200603-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.50441176
},
"last_update_date": "2023-12-18T12:13:18.409000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://secunia.com/advisories/19085"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1015702"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/18006"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/0810"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25003"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426449/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0810"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
},
{
"trust": 0.3,
"url": "/archive/1/434148"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6087/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19085/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3327/"
}
],
"sources": [
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "18006"
},
{
"db": "PACKETSTORM",
"id": "44344"
},
{
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-09T00:00:00",
"db": "BID",
"id": "18006"
},
{
"date": "2006-03-04T01:29:24",
"db": "PACKETSTORM",
"id": "44344"
},
{
"date": "2006-03-07T11:02:00",
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"date": "2006-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-17T20:29:00",
"db": "BID",
"id": "18006"
},
{
"date": "2018-10-18T16:30:17.243000",
"db": "NVD",
"id": "CVE-2006-1039"
},
{
"date": "2007-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Website application server URI Input validation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-101"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…