Back to search
CVE-2005-3634
Published: Nov 16, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
sap-sapexiturl-http-header-injection(23031)
vdb-entry
x_refsource_XF
15362
vdb-entry
x_refsource_BID
163
third-party-advisory
x_refsource_SREASON
20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS
mailing-list
x_refsource_BUGTRAQ
17515
third-party-advisory
x_refsource_SECUNIA
1015174
vdb-entry
x_refsource_SECTRACK
ADV-2005-2361
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now