CVE-2018-2504

2018-12-11T22:29:00
ID CVE-2018-2504
Type cve
Reporter cve@mitre.org
Modified 2019-01-07T19:06:00

Description

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.