Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11658
HistoryMar 01, 2006 - 12:00 a.m.

SAP Web Application Server http request url parsing vulnerability

2006-03-0100:00:00
vulners.com
9
JSON

Advisory Name: SAP Web Application Server http request url parsing vulnerability

Release Date: 01/03/2006

Affected Applications: SAP WebAS Kernel up to version 7.00

Affected Platforms: Platform-Independant

Local / Remote: Remote

Severity: Medium to High

Author: A. Grossmann arnold.grossmann (at) gmail.com

Vendor Status: Confirmed

Product Overview ( cited from SAP ):

SAP Web Application Server

The only Application Platform for the SAP NetWeaver Suite

SAP Web Application Server (SAP Web AS) is the application platform of SAP
NetWeaver, i.e. it provides the complete infrastructure to develop, deploy
and run all SAP NetWeaver applications. The major key capability of SAP Web
AS is the full support for both the proven ABAP technology and the innovative
open source internet-driven technologies Java, Java 2 Enterprise Edition
(J2EE) and Web Services.

Vulnerability Description:

SAP Web Application Server was found to be vulnerable to an URL manipulation
allowing an attacker to prefix the http response ( to a request containing a
manipulated URL ) with a sequence of bytes of his choice.
The vulnerability may be exploited to mount various attacks to gain knowledge
of authentication information valid within the context of the WAS website
( like cookies, usernames or passwords ). Also the vulnerability may aid an
attacker in manipulating the way a website is cached, served or interpreted -
leading to a false sense of trust or a partial defacement.

Technical Details:

Technical details will be released 12 weeks after publication of this pre-
advisory. This was agreed upon with SAP to allow their clients to upgrade
affected software.

Solution:

Patches are provided from SAP. See SAP Note 908147 and 915084 for details.

Vendor Response:

  • 11/29/2005: Initial Vendor Contact.
  • 11/30/2005: Technical details for the vulnerabilities sent to vendor.
  • 10/1/2006: patch provided by vendor.
  • 01/03/2006: Coordinate release of pre-advisory without technical details
  • 05/15/2006: Coordinate release of advisory with technical details
JSON