Details of VAR-200603-0168

ID

VAR-200603-0168

CVE

CVE-2006-1039

TITLE

SAP Website application server URI Input validation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200603-101

DESCRIPTION

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. Some unspecified input passed in the URL isn't properly sanitised before being returned to the user. This can be exploited to manipulate the HTTP response sent to the user and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been reported in version 7.00 and prior. SOLUTION: The vendor has released fixes for the vulnerability. See SAP Note 908147 and 915084 for details. PROVIDED AND/OR DISCOVERED BY: Arnold Grossmann ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.26

sources: NVD: CVE-2006-1039 // BID: 18006 // PACKETSTORM: 44344

AFFECTED PRODUCTS

vendor:	sap	model:	web application server	scope:	eq	version:	6.40	Trust: 1.9
vendor:	sap	model:	web application server	scope:	eq	version:	6.20	Trust: 1.9
vendor:	sap	model:	web application server	scope:	eq	version:	6.10	Trust: 1.9
vendor:	sap	model:	web application server	scope:	eq	version:	7.0	Trust: 0.3

sources: BID: 18006 // NVD: CVE-2006-1039 // CNNVD: CNNVD-200603-101

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2006-1039
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200603-101
value:	MEDIUM
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0

sources: NVD: CVE-2006-1039 // CNNVD: CNNVD-200603-101

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.0

sources: NVD: CVE-2006-1039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200603-101

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200603-101

CONFIGURATIONS

sources: NVD: CVE-2006-1039

EXTERNAL IDS

db:	NVD	id:	CVE-2006-1039	Trust: 1.9
db:	BID	id:	18006	Trust: 1.9
db:	SECUNIA	id:	19085	Trust: 1.7
db:	VUPEN	id:	ADV-2006-0810	Trust: 1.6
db:	SECTRACK	id:	1015702	Trust: 1.6
db:	BUGTRAQ	id:	20060301 SAP WEB APPLICATION SERVER HTTP REQUEST URL PARSING VULNERABILITY	Trust: 0.6
db:	XF	id:	25003	Trust: 0.6
db:	CNNVD	id:	CNNVD-200603-101	Trust: 0.6
db:	PACKETSTORM	id:	44344	Trust: 0.1

sources: BID: 18006 // PACKETSTORM: 44344 // NVD: CVE-2006-1039 // CNNVD: CNNVD-200603-101

REFERENCES

url:	http://secunia.com/advisories/19085	Trust: 1.6
url:	http://securitytracker.com/id?1015702	Trust: 1.6
url:	http://www.securityfocus.com/bid/18006	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/426449/100/0/threaded	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2006/0810	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/25003	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/25003	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/426449/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/0810	Trust: 0.6
url:	http://www.sap.com	Trust: 0.3
url:	/archive/1/434148	Trust: 0.3
url:	http://secunia.com/product/6087/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/19085/	Trust: 0.1
url:	http://secunia.com/product/3327/	Trust: 0.1

sources: BID: 18006 // PACKETSTORM: 44344 // NVD: CVE-2006-1039 // CNNVD: CNNVD-200603-101

CREDITS

Arnold Grossmann

Trust: 0.6

sources: CNNVD: CNNVD-200603-101

SOURCES

db:	BID	id:	18006
db:	PACKETSTORM	id:	44344
db:	NVD	id:	CVE-2006-1039
db:	CNNVD	id:	CNNVD-200603-101

LAST UPDATE DATE

2023-12-18T12:13:18.409000+00:00

SOURCES UPDATE DATE

db:	BID	id:	18006	date:	2006-05-17T20:29:00
db:	NVD	id:	CVE-2006-1039	date:	2018-10-18T16:30:17.243
db:	CNNVD	id:	CNNVD-200603-101	date:	2007-08-27T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	18006	date:	2005-11-09T00:00:00
db:	PACKETSTORM	id:	44344	date:	2006-03-04T01:29:24
db:	NVD	id:	CVE-2006-1039	date:	2006-03-07T11:02:00
db:	CNNVD	id:	CNNVD-200603-101	date:	2006-03-07T00:00:00