CVE-2005-3633
SAP Web Application Server 6.10-7.00 - HTTP Response Splitting via sap-exiturl Parameter
Title source: llmDescription
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
References (9)
Core 9
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113156438708932&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23030
Various Sources x_refsource_misc
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/164
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20714
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17515/
Exploit, Vendor Advisory vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/alerts/2005/Nov/1015174.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2361
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15360/
Scores
EPSS
0.0098
EPSS Percentile
77.0%
Details
Status
published
Products (4)
sap/sap_web_application_server
6.10
sap/sap_web_application_server
6.20
sap/sap_web_application_server
6.40
sap/sap_web_application_server
7.0
Published
Nov 16, 2005
Tracked Since
Feb 18, 2026