Info

Disclosure

Nov 09, 2005

Discovery

Sep 23, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

SAP Web Application Server contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'sap-exiturl' variable upon submission to the BSP applications. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

SAP AG. has released a patch to address this vulnerability. Contact their technical support for further information.

Products

SAP AG.	Web Application Server	6.10
		6.20
		6.40
		7.00

References

Security Tracker: 1015174
Bugtraq ID: 15360
Secunia Advisory ID: 17515
CVE ID: 2005-3633 (see also: NVD)
Related OSVDB ID: 20715 20716 20717
FrSIRT Advisory: ADV-2005-2361
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0216.html
Other Advisory URL: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SA ......
Vendor URL: http://www.sap.com/

Credit

Leandro Meiners - lmeinerscybsec.com - CYBSEC S.A.

Direct URL: http://osvdb.org/36218