SAP Web Application Server Input Validation Vulnerability

Bugtraq ID:	18006
Class:	Input Validation Error
CVE:	CVE-2006-1039
Remote:	Yes
Local:	No
Published:	Nov 09 2005 12:00AM
Updated:	May 17 2006 08:29PM
Credit:	Arnold Grossmann <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	SAP Web Application Server 7.0 SAP Web Application Server 6.40 SAP Web Application Server 6.20 SAP Web Application Server 6.10
Not Vulnerable:

SAP Web Application Server Input Validation Vulnerability

SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

SAP Web Application Server Input Validation Vulnerability

Attackers use a web browser to exploit this issue.

The following URI demonstrates this issue:

• /data/vulnerabilities/exploits/18006.html

SAP Web Application Server Input Validation Vulnerability

Solution:
The vendor has released solutions and patch information regarding this issue. Please contact the vendor for further information.

SAP Web Application Server Input Validation Vulnerability

References:

• SAP Homepage (SAP)
  
• vulnerability details ("Arnold Grossmann" )