CVE-2005-3634

NUCLEI

SAP Web Application Server 6.10-7.00 - Unauthenticated Session Termination and Open Redirect

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3634. PoCs published by Leandro Meiners. A Nuclei detection template is also available.

AI-analyzed exploit summary: The provided text describes a URI redirection vulnerability in SAP Web Application Server, where the 'sap-exiturl' parameter can be manipulated to redirect users to malicious sites. This can be exploited for phishing or theft of authentication credentials.

Description

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Leandro Meiners · text · webapps · php
https://www.exploit-db.com/exploits/26488

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: SAP Web Application Server (BSP runtime)
No auth needed
Prerequisites: Access to a vulnerable SAP Web Application Server instance
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

SAP Web Application Server 6.x/7.0 - Open Redirect
MEDIUM · by ctflearner
Shodan: html:"SAP Business Server Pages Team" || http.html:"sap business server pages team"
FOFA: body="sap business server pages team"

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23031
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15362
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/163
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113156525006667&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17515/
Vendor Advisory vdb-entry x_refsource_sectrack
http://www.securitytracker.com/alerts/2005/Nov/1015174.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2361

Scores

EPSS: 0.0165
EPSS Percentile: 82.5%

Details

Status: published
Products (4):
sap/sap_web_application_server 6.10
sap/sap_web_application_server 6.20
sap/sap_web_application_server 6.40
sap/sap_web_application_server 7.0
Published: Nov 16, 2005
Tracked Since: Feb 18, 2026