ERPScan advisory ERPSCAN-16-008
Oct 08, 2015 - 12:00 a.m.

SAP NetWeaver 7.4 (ProxyServer servlet) - XSS vulnerability

Source: erpscan.io
EPSS: 0.002 (Low), percentile 59.1%

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.4
Vendor URL: SAP
Bugs: Cross Site Scripting (XSS)
Reported: 10.08.2015
Vendor response: 11.08.2015
Date of Public Advisory: 09.02.2016
Reference: SAP Security Note 2220571
Author: Vahagn Vardanyan (ERPScan)

VULNERABILITY INFORMATION
Class: [CWE-79]
Impact: XSS on SAP NetWeaver AS JAVA
Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2016-2387

CVSS Information
CVSS Base Score v3: 6.1/10
CVSS Base Vector:

AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) Low (L)
Au : Authentication (Level of authentication needed to exploit) None (N)
C : Impact to Confidentiality Low (L)
I : Impact to Integrity Low (L)
A : Impact to Availability None (N)

Description
An anonymous attacker can use a special HTTP request to hijack session data of administrators or users of the web resource.

Business risk
An attacker can use a cross-site scripting vulnerability to inject a malicious script into a page.
Reflected XSS requires the attacker to trick a user: the attacker must get the user to follow a specially crafted link. With stored XSS, the malicious script is injected and permanently stored in the page body, so the user is attacked without performing any action.
The malicious script can access all cookies, session tokens and other critical information stored by the browser and used for interaction with the site. The attacker can gain access to the user's session and learn business-critical information; in some cases, it is possible to get control over this information. XSS also allows unauthorized modification of displayed site content.

VULNERABLE PACKAGES
SAP NetWeaver AS JAVA 7.4

SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2220571.

TECHNICAL DESCRIPTION
PoC 1

http://SAP_URL:SAP_PORT/ProxyServer/register?ns=myNamespace<img src=a onerror=alert('ERPSCAN')>&interface=&bean=myInterface&method=myMethod

PoC 2

http://SAP_URL:SAP_PORT:50000/ProxyServer/register?ns=myNamespace&interface=<img src=a onerror=alert('ERPSCAN')>&bean=myInterface&method=myMethod
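
Both requests above place markup in a query parameter (ns, interface) of /ProxyServer/register. The following Python script is an added example, not part of the ERPScan advisory or of SAP's code; it flags such requests in web access logs. The allow-list of legitimate value characters, the common log format and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "/proxyserver/register"  # servlet path from the advisory's PoC URLs
PARAMS = ("ns", "interface", "bean", "method")  # query parameters in those URLs
# Assumption: legitimate values are namespace/class/method-style identifiers.
SAFE_VALUE = re.compile(r"[\w.$:/-]*")
REQUEST_LINE = re.compile(r'"[A-Z]+ (.+?) HTTP/\d(?:\.\d)?"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so the analyst sees the real markup."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return [(param, decoded_value)] for values that break the allow-list."""
    parts = urlsplit(target)
    if not parts.path.lower().startswith(ENDPOINT):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)
        if name in PARAMS and not SAFE_VALUE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return [(line_number, param, decoded_value)] for flagged requests."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if match:
            findings += [(number, n, v) for n, v in suspicious_params(match.group(1))]
    return findings

# Constructed sample lines (common log format); hosts and times are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2016:10:00:01 +0000] "GET /ProxyServer/register?ns=myNamespace&interface=&bean=myInterface&method=myMethod HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Mar/2016:10:02:13 +0000] "GET /ProxyServer/register?ns=myNamespace%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E&interface=&bean=myInterface&method=myMethod HTTP/1.1" 200 560',
    '10.0.0.9 - - [01/Mar/2016:10:02:40 +0000] "GET /ProxyServer/register?ns=myNamespace&interface=%253Cimg%2520src%253Da%253E&bean=myInterface&method=myMethod HTTP/1.1" 200 548',
    '10.0.0.7 - - [01/Mar/2016:10:03:00 +0000] "GET /other/app?ns=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Hits recorded before SAP Security Note 2220571 was installed are the ones worth reviewing, since the response may have reflected the value unescaped.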
