Remote Code Injection in SAP Web Application Server by unauthorized byte manipulation
CVE-2006-1039
Currently unrated
What is CVE-2006-1039?
A vulnerability in the SAP Web Application Server (WebAS) Kernel prior to version 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response. Exploitation may let an attacker obtain sensitive authentication credentials or carry out additional unauthorized actions on the server by manipulating encoded HTTP headers. To mitigate potential intrusions, HTTP header processing should be secured and incoming requests validated.
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved