Sap Web Application Server@6.40 Security Vulnerabilities and Issues — Sap Web Application Server@6.40 CVE List

Lucene search

SapSap Web Application Server6.40

8 matches found

CVE•added 2005/11/16 9:22 p.m.•55 views

CVE-2005-3634

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

5CVSS6.8AI score0.0214EPSS

CVE•added 2006/03/07 11:2 a.m.•42 views

CVE-2006-1039

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.

6.4CVSS6.8AI score0.05852EPSS

CVE•added 2006/11/07 11:7 p.m.•41 views

CVE-2006-5784

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to acces...

4.6CVSS6.8AI score0.03807EPSS

CVE•added 2006/11/07 11:7 p.m.•41 views

CVE-2006-5785

Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.

5CVSS6.9AI score0.01142EPSS

CVE•added 2005/11/16 9:22 p.m.•39 views

CVE-2005-3635

Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.

4.3CVSS6AI score0.16614EPSS

CVE•added 2007/07/06 7:30 p.m.•39 views

CVE-2007-3615

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a we...

7.8CVSS6.8AI score0.01968EPSS

CVE•added 2006/11/21 11:7 p.m.•36 views

CVE-2006-6011

Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.

5CVSS6.6AI score0.01142EPSS

CVE•added 2005/11/16 9:22 p.m.•35 views

CVE-2005-3633

HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.

5CVSS7AI score0.00979EPSS