vendor: SAP Web Application Server
by:
CVSS: 7.5 (HIGH)
Input-Validation
CWE: 113
Product Name: SAP Web Application Server
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:sap:web_application_server
Metasploit:
Other Scripts:
Platforms Tested:

SAP Web Application Server Input-Validation Vulnerability

The SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Mitigation:

Apply the latest patches or updates provided by SAP to fix this vulnerability. Additionally, it is recommended to validate and sanitize user-supplied input to prevent HTTP response-splitting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18006/info

SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

http://sap-was/x.htm;%20HTTP%c0%af1.0%20200%20OK%c0%8d%c0%8aContent-Length:%2035%c0%8d%c0%8aContent-Type:text%c0%afhtml%c0%8d%c0%8a%c0%8d%c0%8a%3Chtml%3e%3cbody%3ehello%3c%c0%afbody%3e%3c%c0%afhtml%3e%c0%8d%c0%8a%c0%8d%c0%8a
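
The request above carries CR, LF and "/" as non-shortest-form (overlong) UTF-8 sequences (%c0%8d, %c0%8a, %c0%af), so a filter that only looks for %0d%0a does not see them. The following is an added example, not part of the original advisory or SAP's fix: a Python check that flags plain and overlong-encoded CR/LF in a request target. The function names and sample targets are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Smallest code point that legitimately needs an n-byte UTF-8 sequence.
MIN_CP = {1: 0x00, 2: 0x80, 3: 0x800, 4: 0x10000}

def lenient_utf8(data: bytes):
    """Yield (offset, code_point, overlong) as a permissive decoder would,
    i.e. without rejecting non-shortest-form sequences."""
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            n, cp = 1, b
        elif 0xC0 <= b < 0xE0:
            n, cp = 2, b & 0x1F
        elif 0xE0 <= b < 0xF0:
            n, cp = 3, b & 0x0F
        elif 0xF0 <= b < 0xF8:
            n, cp = 4, b & 0x07
        else:  # stray continuation byte or invalid lead byte
            n, cp = 1, None
        tail = data[i + 1:i + n]
        if cp is not None and (len(tail) != n - 1 or any(t & 0xC0 != 0x80 for t in tail)):
            n, cp = 1, None  # truncated or malformed sequence
        if cp is None:
            yield i, None, False
        else:
            for t in tail:
                cp = (cp << 6) | (t & 0x3F)
            yield i, cp, cp < MIN_CP[n]
        i += n

def check_target(raw_target: str):
    """Return (offset in decoded bytes, finding) pairs for a raw,
    still percent-encoded request target."""
    findings = []
    for off, cp, overlong in lenient_utf8(unquote_to_bytes(raw_target)):
        if cp is None:
            findings.append((off, "malformed-utf8"))
        elif overlong:
            findings.append((off, "overlong-crlf" if cp in (0x0D, 0x0A) else "overlong"))
        elif cp in (0x0D, 0x0A):
            findings.append((off, "crlf"))
    return findings

# Constructed sample targets (not captured traffic).
SAMPLES = ["/caf%c3%a9.htm", "/a%0d%0ab", "/x.htm;%20a%c0%8d%c0%8ab"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_target(s) or "clean")
```

Any non-empty result is grounds to reject the request before its value reaches a response header; legitimate UTF-8 such as %c3%a9 produces no finding.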