ID
VAR-E-200511-0244
CVE
| cve_id: | CVE-2006-1039 | Trust: 1.9 |
EDB ID
27887
TITLE
SAP Web Application Server 6.x/7.0 - Input Validation - Multiple remote Exploit
Trust: 0.6
DESCRIPTION
SAP Web Application Server 6.x/7.0 - Input Validation. CVE-2006-1039CVE-23628 . remote exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | sap | model: | web application server | scope: | eq | version: | 6.x/7.0 | Trust: 1.0 |
| vendor: | sap | model: | web application server | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | sap | model: | web application server | scope: | eq | version: | 6.40 | Trust: 0.3 |
| vendor: | sap | model: | web application server | scope: | eq | version: | 6.20 | Trust: 0.3 |
| vendor: | sap | model: | web application server | scope: | eq | version: | 6.10 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/18006/info
SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
http://sap-was/x.htm;%20HTTP%c0%af1.0%20200%20OK%c0%8d%c0%8aContent-Length:%2035%c0%8d%c0%8aContent-Type:text%c0%afhtml%c0%8d%c0%8a%c0%8d%c0%8a%3Chtml%3e%3cbody%3ehello%3c%c0%afbody%3e%3c%c0%afhtml%3e%c0%8d%c0%8a%c0%8d%c0%8a
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Input Validation
Trust: 1.0
CREDITS
Arnold Grossmann
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 27887 | Trust: 1.9 |
| db: | NVD | id: | CVE-2006-1039 | Trust: 1.9 |
| db: | BID | id: | 18006 | Trust: 1.9 |
| db: | EDBNET | id: | 49738 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-1039 | Trust: 1.6 |
| url: | https://www.securityfocus.com/bid/18006/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/27887/ | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/27887 | Trust: 0.3 |
| url: | http://www.sap.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 18006 |
| db: | EXPLOIT-DB | id: | 27887 |
| db: | EDBNET | id: | 49738 |
LAST UPDATE DATE
2022-07-27T09:23:31.003000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 18006 | date: | 2006-05-17T20:29:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 18006 | date: | 2005-11-09T00:00:00 |
| db: | EXPLOIT-DB | id: | 27887 | date: | 2005-11-09T00:00:00 |
| db: | EDBNET | id: | 49738 | date: | 2005-11-09T00:00:00 |