CVE-2018-2504
CVE-2018-2504 affects SAP NetWeaver AS Java Web Container. The issue arises because the HTTP Host header is not validated against a whitelist, enabling potential HTTP Host Header Manipulation and related XSS . Root cause: missing host header whitelisting in the web container. Impact is mitigated ...