Multiple vulnerabilities were identified in SAP Web Application Server, which may be exploited by attackers to conduct cross-site scripting, HTTP response splitting and phishing attacks.
The first issue is due to an input validation error in the BSP runtime when processing a specially crafted "sap-exiturl" parameter, which may be exploited by attackers to perform HTTP response splitting and cause arbitrary scripting code to be executed by the user's browser.
The second vulnerability is due to an input validation error in the BSP runtime when processing a specially crafted "sapexiturl" parameter passed to the "menu/fameset.htm" script, which could be exploited by attackers to redirect a user from the application to a malicious Web page.
The third flaw is due to input validation errors in the BSP runtime when displaying certain error pages and when processing a specially crafted "syscmd" or "BspApplication" parameter, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.
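The three flaws share one defensive pattern: a redirect target taken from a request parameter (such as an exit URL) must be free of CR/LF and must stay on the application's own host before it is written into a Location header, and any parameter reflected into an error page must be HTML-escaped before rendering. The following Python is an added illustration of those checks; it is not SAP's code and not part of the advisory. The allowed host name, the fallback path and all sample inputs are constructed for the example.

```python
import html
from urllib.parse import urlsplit, unquote

# Hypothetical host the application is served from (constructed value).
ALLOWED_HOST = "sap.example.internal"
# Hypothetical on-site fallback used when a supplied exit URL is rejected.
FALLBACK_PATH = "/app/start"


def is_safe_exit_url(value, allowed_host=ALLOWED_HOST):
    """Return True only if value is a header-safe, same-site redirect target.

    Rejects: empty values; any control character (CR/LF would terminate the
    Location header and allow HTTP response splitting), also after one round
    of percent-decoding in case the caller passes the raw query string;
    non-http(s) schemes; scheme-relative ("//host") and backslash-prefixed
    ("/\\host") paths that browsers treat as off-site; and absolute URLs
    whose host is not the application's own host (phishing redirects).
    """
    if not value:
        return False
    for candidate in (value, unquote(value)):
        if any(ord(c) < 0x20 or c == "\x7f" for c in candidate):
            return False
    parts = urlsplit(value)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if not parts.netloc:
        # Plain relative path: on-site unless it is scheme-relative or
        # starts with "/\", which browsers normalise to "//".
        return not parts.scheme and not value.startswith(("//", "/\\"))
    # Absolute URL: urlsplit().hostname strips userinfo and port and lowercases,
    # so "https://sap.example.internal@evil.example/" resolves to evil.example.
    return parts.hostname == allowed_host


def build_redirect_headers(exit_url, fallback=FALLBACK_PATH):
    """Build the response headers for a redirect, never trusting exit_url blindly."""
    target = exit_url if is_safe_exit_url(exit_url) else fallback
    return [("Location", target)]


def render_error_page(param_value):
    """Escape a reflected parameter before embedding it in an HTML error page."""
    safe = html.escape(param_value, quote=True)
    return f"<p>Unknown command: {safe}</p>"


if __name__ == "__main__":
    # Constructed sample inputs covering the three issue classes.
    samples = [
        "/app/menu/start.htm",                      # relative, on-site
        "https://sap.example.internal/app",         # absolute, own host
        "https://evil.example/login",               # off-site redirect
        "//evil.example/",                          # scheme-relative
        "/app\r\nSet-Cookie: sid=1",                # response splitting
        "/app%0d%0aSet-Cookie:%20sid=1",            # encoded CR/LF
        "javascript:alert(1)",                      # non-http scheme
    ]
    for s in samples:
        print(f"{s!r:45} -> {build_redirect_headers(s)}")
    print(render_error_page("<script>alert(1)</script>"))
```

`is_safe_exit_url` is deliberately an allow-list check (same host, http/https only) rather than a deny-list of known bad prefixes; the decoded-value pass only matters when the check runs on the raw query string, and it errs on the side of rejecting rather than double-decoding into something the browser would never see.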
SAP WAS 6.20 and 7.00 - Apply patches (see SAP Notes 887322, 887323, 887164 and 887168).
SAP WAS 6.10 and 6.20 prior to SP54 - Disable support for the affected parameters.