CVE-2006-1039

Sažetak

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.

Reference

http://secunia.com/advisories/19085
http://securitytracker.com/id?1015702
http://www.securityfocus.com/archive/1/426449/100/0/threaded
http://www.securityfocus.com/bid/18006
http://www.vupen.com/english/advisories/2006/0810
https://exchange.xforce.ibmcloud.com/vulnerabilities/25003

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:30

Objavljeno

07-03-2006 - 11:02