CVE-2005-3634

NUCLEI

SAP WAS 6.10-7.00 - SSRF

Title source: llm

Description

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Leandro Meiners · text · webapps · php
https://www.exploit-db.com/exploits/26488

Nuclei Templates (1)

SAP Web Application Server 6.x/7.0 - Open Redirect
MEDIUM · by ctflearner
Shodan: html:"SAP Business Server Pages Team" || http.html:"sap business server pages team"
FOFA: body="sap business server pages team"

Scores

EPSS 0.0165
EPSS Percentile 82.1%

Details

Status published
Products (4)
sap/sap_web_application_server 6.10
sap/sap_web_application_server 6.20
sap/sap_web_application_server 6.40
sap/sap_web_application_server 7.0
Published Nov 16, 2005
Tracked Since Feb 18, 2026