SAP Web Application Server Input-Validation Vulnerability

vendor:

SAP Web Application Server

by:

7.5

CVSS

HIGH

Input-Validation

113

CWE

Product Name: SAP Web Application Server

Affected Version From:

Affected Version To:

Patch Exists: YES

Related CWE:

CPE: a:sap:web_application_server

Metasploit:

Other Scripts:

Platforms Tested:

SAP Web Application Server Input-Validation Vulnerability

The SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Mitigation:

Apply the latest patches or updates provided by SAP to fix this vulnerability. Additionally, it is recommended to validate and sanitize user-supplied input to prevent HTTP response-splitting attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18006/info

SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

http://sap-was/x.htm;%20HTTP%c0%af1.0%20200%20OK%c0%8d%c0%8aContent-Length:%2035%c0%8d%c0%8aContent-Type:text%c0%afhtml%c0%8d%c0%8a%c0%8d%c0%8a%3Chtml%3e%3cbody%3ehello%3c%c0%afbody%3e%3c%c0%afhtml%3e%c0%8d%c0%8a%c0%8d%c0%8a