ID

VAR-200511-0077


CVE

CVE-2005-3633


TITLE

HTTP response splitting vulnerability in frameset.htm of SAP Web Application Server

Trust: 0.6

sources: CNNVD: CNNVD-200511-201

DESCRIPTION

HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. This issue only affects the BSP runtime of SAP WAS.

1) Input passed to the "sap-syscmd" parameter in "frameset.htm" and the "BspApplication" field in the "SYSTEM PUBLIC" test application isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Other versions may also be affected.

2) Input passed to the query string in pages generating error messages isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Prior versions may also be affected.

3) The problem is that an absolute URL for an external site can be specified in the "sapexiturl" parameter passed to "frameset.htm". This can be exploited to trick users into visiting a malicious web site by following a specially crafted link with a trusted hostname redirecting to the malicious web site. Other versions may also be affected.

SOLUTION: The vendor has reportedly provided a solution for the vulnerabilities. Customers should contact SAP's support for further information.

PROVIDED AND/OR DISCOVERED BY: Leandro Meiners, Cybsec S.A.

ORIGINAL ADVISORY:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Phishing_Vector_in_SAP_WAS.pdf
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf

About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Trust: 1.26

sources: NVD: CVE-2005-3633 // BID: 15360 // PACKETSTORM: 41457

AFFECTED PRODUCTS

vendor: sap, model: web application server, scope: eq, version: 7.0

Trust: 1.9

vendor: sap, model: web application server, scope: eq, version: 6.40

Trust: 1.9

vendor: sap, model: web application server, scope: eq, version: 6.20

Trust: 1.9

vendor: sap, model: web application server, scope: eq, version: 6.10

Trust: 1.9

sources: BID: 15360 // CNNVD: CNNVD-200511-201 // NVD: CVE-2005-3633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3633
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200511-201
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2005-3633
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200511-201 // NVD: CVE-2005-3633

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-201

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200511-201

EXTERNAL IDS

db: BID, id: 15360

Trust: 1.9

db: SECUNIA, id: 17515

Trust: 1.7

db: SECTRACK, id: 1015174

Trust: 1.6

db: NVD, id: CVE-2005-3633

Trust: 1.6

db: SREASON, id: 164

Trust: 1.6

db: OSVDB, id: 20714

Trust: 1.6

db: VUPEN, id: ADV-2005-2361

Trust: 1.6

db: XF, id: 23030

Trust: 0.6

db: BUGTRAQ, id: 20051109 CYBSEC - SECURITY ADVISORY: HTTP RESPONSE SPLITTING IN SAP WAS

Trust: 0.6

db: CNNVD, id: CNNVD-200511-201

Trust: 0.6

db: PACKETSTORM, id: 41457

Trust: 0.1

sources: BID: 15360 // PACKETSTORM: 41457 // CNNVD: CNNVD-200511-201 // NVD: CVE-2005-3633

REFERENCES

url:http://secunia.com/advisories/17515/

Trust: 1.7

url:http://www.cybsec.com/vuln/cybsec_security_advisory_http_response_splitting_in_sap_was.pdf

Trust: 1.7

url:http://www.securitytracker.com/alerts/2005/nov/1015174.html

Trust: 1.6

url:http://www.securityfocus.com/bid/15360/

Trust: 1.6

url:http://www.osvdb.org/20714

Trust: 1.6

url:http://securityreason.com/securityalert/164

Trust: 1.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=113156438708932&w=2

Trust: 1.2

url:http://marc.info/?l=bugtraq&m=113156438708932&w=2

Trust: 1.0

url:http://www.vupen.com/english/advisories/2005/2361

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/23030

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/23030

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2005/2361

Trust: 0.6

url:http://www.sap.com

Trust: 0.3

url:/archive/1/416148

Trust: 0.3

url:http://secunia.com/product/6087/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec_security_advisory_multiple_xss_in_sap_was.pdf

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec_security_advisory_phishing_vector_in_sap_was.pdf

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/3327/

Trust: 0.1

sources: BID: 15360 // PACKETSTORM: 41457 // CNNVD: CNNVD-200511-201 // NVD: CVE-2005-3633

CREDITS

Leandro Meiners

Trust: 0.6

sources: CNNVD: CNNVD-200511-201

SOURCES

db: BID, id: 15360
db: PACKETSTORM, id: 41457
db: CNNVD, id: CNNVD-200511-201
db: NVD, id: CVE-2005-3633

LAST UPDATE DATE

2024-08-14T14:22:54.485000+00:00


SOURCES UPDATE DATE

db: BID, id: 15360, date: 2005-11-09T00:00:00
db: CNNVD, id: CNNVD-200511-201, date: 2005-11-23T00:00:00
db: NVD, id: CVE-2005-3633, date: 2017-07-11T01:33:15.503

SOURCES RELEASE DATE

db: BID, id: 15360, date: 2005-11-09T00:00:00
db: PACKETSTORM, id: 41457, date: 2005-11-10T23:56:45
db: CNNVD, id: CNNVD-200511-201, date: 2005-11-16T00:00:00
db: NVD, id: CVE-2005-3633, date: 2005-11-16T21:22:00