RCE in Sap Sap_web_application_server
CVE-2006-1039
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP hea…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.027 (84.3th percentile) — read the EPSS interpretation.
Affected products
- Sap Sap_web_application_server — versions 6.10, 6.20, 6.40
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)