CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score
Confidence: High

EPSS
Percentile: 86.6%

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a “;%20” followed by encoded HTTP headers.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | sap_web_application_server | 6.10 | cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:* |
sap | sap_web_application_server | 6.20 | cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:* |
sap | sap_web_application_server | 6.40 | cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:* |