Info

Disclosure

Nov 09, 2005

Discovery

Sep 23, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

SAP Web Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the sap-syscmd variables upon submission to the fameset.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

SAP AG. has released a patch to address this vulnerability. Contact their technical support for further information.

Products

SAP AG.	Web Application Server	6.10
		6.20
		6.40
		7.00

References

Security Tracker: 1015174
Bugtraq ID: 15361
Secunia Advisory ID: 17515
CVE ID: 2005-3635 (see also: NVD)
Related OSVDB ID: 20714 20715 20717
FrSIRT Advisory: ADV-2005-2361
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0218.html
Other Advisory URL: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
Vendor URL: http://www.sap.com/

Credit

Leandro Meiners - lmeinerscybsec.com - CYBSEC S.A.

Direct URL: http://osvdb.org/36218