SAP Basis component 700 跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1190009 漏洞类型 跨站脚本
发布时间 2007-06-29 更新时间 2007-06-29
CVE编号 CVE-2007-3495 CNNVD-ID CNNVD-200706-541
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://www.securityfocus.com/bid/81663
https://cxsecurity.com/issue/WLB-2007070004
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200706-541
|漏洞详情
SAPBasiscomponent700中存在多个跨站脚本攻击漏洞。远程攻击者可以借助与默认登录错误页面相关的特定参数注入任意的web脚本或HTML。
|漏洞EXP
#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/ 
# 
#############################################################
#
# Product: Internet Communication Framework (BC-MID-ICF) 
# Vendor:  SAP 
# Subject: Multiple XSS, HTML Injection
# Risk:    High
# Effect:  Remotely exploitable
# Author:  Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch [email concealed])
# Date:    June, 17th 2007
#
#############################################################

Introduction:
-------------
Compass Security discovered multiple web application security flaws in
the SAP Internet Communication Framework (BC-MID-ICF).

Vulnerable:
-----------
SAP Basis component 640 SP19 and lower
SAP Basis component 700 SP11 and lower

Not vulnerable:
---------------
Customers which registered a customized login error page for SIFC
transactions (e.g. for default_host) may not suffer this vulnerability.

SAP Basis component 640 SP20
SAP Basis component 700 SP12

Vulnerability Management:
-------------------------
October 2006: Vulnerability found
October 2006: SAP Security notified
November 2007: SAP confirmation
April/May 2007: Patches available
June 2007: Compass Security Information

SAP Information Policy:
-------------------------
The information is available to registered SAP clients only (SAP
Security Notes)

Patches:
--------
Available at SAP (See SAP Note No. 1022102).

Description
-----------
The default login error page reflects unfiltered user input for multiple
fields. Exploting the vulnerability will lead to so-called cross-site
scripting (XSS).

XSS Ref: http://en.wikipedia.org/wiki/Cross-site_scripting

Cross-site scripting (XSS) is a type of computer security vulnerability
typically found in web applications which allow code injection by
malicious web users into the web pages viewed by other users. Examples
of such code include HTML code and client-side scripts. An exploited
cross-site scripting vulnerability can be used by attackers to bypass
access controls such as the same origin policy. Recently,
vulnerabilities of this kind have been exploited to craft powerful
phishing attacks and browser exploits. Cross-site scripting was
originally referred to as CSS, although this usage has been largely
discontinued.
|受影响的产品
SAP Sap Basis Component 700 Sp11 SAP Sap Basis Component 640 Sp19
|参考资料

来源:BUGTRAQ
名称:20070627SAPInternetCommunicationFramework(BC-MID-ICF)Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/472345/100/0/threaded
来源:MISC
链接:http://www.csnc.ch/advisory/sap02.html
来源:XF
名称:sap-internet-multiple-xss(35107)
链接:http://xforce.iss.net/xforce/xfdb/35107
来源:VUPEN
名称:ADV-2007-2381
链接:http://www.frsirt.com/english/advisories/2007/2381
来源:SREASON
名称:2849
链接:http://securityreason.com/securityalert/2849
来源:SECUNIA
名称:25866
链接:http://secunia.com/advisories/25866