CVE-2006-1039

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Web Application Server
Vendor: CVE Published:; 7 March 2006

Summary

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.

References

http://securitytracker.com/id?1015702

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/25003

vdb-entryx_refsource_XF

http://secunia.com/advisories/19085

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 7, 2006
Vulnerability Reserved
Mar 7, 2006