SAP Web Application Server Remote Information Disclosure Vulnerability
BID:20877
Info
SAP Web Application Server Remote Information Disclosure Vulnerability
| Bugtraq ID: | 20877 |
| Class: | Design Error |
| CVE: |
CVE-2006-5784 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2006 12:00AM |
| Updated: | Feb 08 2007 11:18PM |
| Credit: | Nicob is credited with the discovery of this vulnerability. |
| Vulnerable: |
SAP Web Application Server 7.0 SAP Web Application Server 6.40 |
| Not Vulnerable: | |
Discussion
SAP Web Application Server Remote Information Disclosure Vulnerability
SAP Web Application Server is prone to a remote information-disclosure vulnerability.
An attacker can leverage this issue to gain access to sensitive data. Information obtained could aid in further attacks.
These versions are affected:
- 6.40 patch 135 and prior
- 7.00 patch 55 and prior.
SAP Web Application Server is prone to a remote information-disclosure vulnerability.
An attacker can leverage this issue to gain access to sensitive data. Information obtained could aid in further attacks.
These versions are affected:
- 6.40 patch 135 and prior
- 7.00 patch 55 and prior.
Exploit / POC
SAP Web Application Server Remote Information Disclosure Vulnerability
Sample exploit code has been provided:
Sample exploit code has been provided:
Solution / Fix
SAP Web Application Server Remote Information Disclosure Vulnerability
Solution:
The vendor has released fixes to address this issue. Please see the references for more information.
Solution:
The vendor has released fixes to address this issue. Please see the references for more information.
References
SAP Web Application Server Remote Information Disclosure Vulnerability
References:
References: