RCE in SAP Web Application Server

CVE-2006-1039

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP hea…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.027 (84.3rd percentile)

Affected products

Weakness classification (CWE)

References