HTTP Host Header Manipulation Vulnerability in SAP NetWeaver AS Java Web Container
CVE-2018-2504

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver As Java (servercore)
Vendor: CVE Published:; 11 December 2018

Summary

The SAP NetWeaver AS Java Web Container is susceptible to HTTP Host Header Manipulation due to improper validation of the HTTP host header against a whitelist. This vulnerability can potentially lead to malicious Cross-Site Scripting (XSS) attacks. Users are recommended to upgrade to the patched versions (7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50) to mitigate potential exploitation.

Affected Version(s)

SAP NetWeaver AS Java (ServerCore) = 7.10 = 7.10

SAP NetWeaver AS Java (ServerCore) = 7.11 = 7.11

SAP NetWeaver AS Java (ServerCore) = 7.20 = 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2718993

x_refsource_MISC

http://www.securityfocus.com/bid/106150

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 11, 2018
Vulnerability Reserved
Dec 15, 2017

.

🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.