CVE-2005-3634

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Web Application Server
Vendor: CVE Published:; 16 November 2005

Summary

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

References

http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multi...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/23031

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/15362

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 16, 2005
Vulnerability Reserved
Nov 16, 2005