Vendor: Web Application Server
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 601 (Remote URI Redirection)
Product Name: Web Application Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: sap:web_application_server
Metasploit:
Other Scripts:
Platforms Tested: Unknown

SAP Web Application Server Remote URI Redirection Vulnerability

An attacker can exploit this vulnerability by supplying the URI of a malicious site through the 'sap-exiturl' parameter. This can lead to various attacks, including theft of cookie-based authentication credentials and phishing-style attacks.

Mitigation:

Apply the necessary patches or updates provided by SAP. Avoid clicking on suspicious links or visiting untrusted websites.
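The defensive counterpart to the advisory above is a strict check on the redirect target before the server honours it. The following is an added example, not SAP's code and not part of the original advisory: `is_safe_exit_url` accepts only same-site targets (an absolute path on this host, or an http/https URL whose host is on an allowlist), rejecting external hosts, protocol-relative `//host` values, userinfo tricks and non-HTTP schemes; `flag_external_redirects` applies the same rule to access-log lines so an analyst can find requests whose exit-URL parameter pointed off-site. The function names, the allowlist host `portal.example.internal`, the request paths and the log lines are all constructed for the example.

```python
"""Validate and audit an 'exit URL' style redirect parameter.

Added example (not SAP code). Function names, the allowed host and the
sample log lines are constructed assumptions for illustration only.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist of hosts that an exit URL may point at.
ALLOWED_HOSTS = {"portal.example.internal"}


def is_safe_exit_url(value, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-site targets.

    `value` is the parameter as the application framework presents it, i.e.
    already percent-decoded once. Accepted forms:
      - an absolute path on this site ("/sap/bc/...")
      - an http(s) URL whose hostname is in `allowed_hosts`
    Everything else (external hosts, "//host", backslash variants,
    javascript:/data: schemes, user@host tricks, empty values) is rejected.
    """
    if not value:
        return False
    # Protocol-relative and backslash forms are resolved to an external
    # origin by browsers, so reject them before any URL parsing.
    if value.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(value)
    if parts.scheme == "" and parts.netloc == "":
        # No scheme, no authority: only an absolute path is acceptable.
        return value.startswith("/")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # .hostname strips userinfo and port, so "allowed@evil" resolves to "evil".
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def flag_external_redirects(log_lines, param_names=("sap-exiturl",),
                            allowed_hosts=ALLOWED_HOSTS):
    """Scan Common-Log-Format lines for redirect parameters that fail the check.

    Returns a list of (line_number, parameter_name, decoded_value).
    """
    hits = []
    for number, line in enumerate(log_lines, 1):
        try:
            request = line.split('"')[1]      # 'GET /path?query HTTP/1.1'
            path = request.split()[1]         # '/path?query'
        except IndexError:
            continue                          # not a request line we understand
        query = urlsplit(path).query
        # parse_qs percent-decodes each value exactly once.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() not in param_names:
                continue
            for value in values:
                if not is_safe_exit_url(value, allowed_hosts):
                    hits.append((number, name, value))
    return hits


# Constructed sample access-log lines (not real traffic).
LOG_LINES = [
    '10.0.0.5 - - [08/Nov/2005:10:00:01 +0000] "GET /sap/bc/bsp/sap/menu/frameset.htm'
    '?sap-sessioncmd=close&sap-exiturl=%2Fsap%2Fbc%2Fbsp%2Fsap%2Fmenu%2Fstart.htm HTTP/1.1" 302 0',
    '10.0.0.9 - - [08/Nov/2005:10:00:02 +0000] "GET /sap/bc/bsp/sap/menu/frameset.htm'
    '?sap-sessioncmd=close&sap-exiturl=http%3a%2f%2fwww.example.com HTTP/1.1" 302 0',
    '10.0.0.9 - - [08/Nov/2005:10:00:03 +0000] "GET /sap/bc/bsp/sap/menu/frameset.htm'
    '?sap-exiturl=//www.example.com/login HTTP/1.1" 302 0',
    '10.0.0.7 - - [08/Nov/2005:10:00:04 +0000] "GET /sap/bc/bsp/sap/menu/frameset.htm'
    '?sap-exiturl=http%3a%2f%2fportal.example.internal%2Fhome HTTP/1.1" 302 0',
    '10.0.0.7 - - [08/Nov/2005:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, name, value in flag_external_redirects(LOG_LINES):
        print(f"line {number}: {name} points off-site -> {value}")
```

The check deliberately refuses relative paths without a leading slash and anything it cannot classify; an exit URL is a low-value feature, so failing closed (fall back to a fixed landing page) costs little. When run over the constructed log, only lines 2 and 3 are reported: the percent-encoded absolute path and the allowlisted internal host both pass.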
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15362/info

SAP Web Application Server is reported prone to a remote URI redirection vulnerability.

It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter.

A successful attack may result in various attacks, including theft of cookie-based authentication credentials. An attacker may also be able to exploit this vulnerability to enhance phishing-style attacks.

This issue only affects the BSP runtime of SAP WAS.

http://www.example.com/sap/bc/BSp/sap/menu/fameset.htm?sap-sessioncmd=close&sap-exiturl=http%3a%2f%2fwww.example.com