CVE-2005-3634 Scanner
Detects 'Open Redirect' vulnerability in SAP Web Application Server affects v. 6.10 through 7.00.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
SAP Web Application Server (WAS) is an enterprise-level software platform designed to support business-critical applications and services. It is intended to facilitate a variety of tasks such as data processing, transaction management, and complex processing workflows. The software is widely used by large organizations across various industries, including banking, finance, healthcare, and manufacturing.
One of the security vulnerabilities that was detected in SAP WAS is CVE-2005-3634. This vulnerability allows malicious attackers to log users out remotely and redirect them to arbitrary websites by leveraging the frameset.htm function in the BSP runtime. Exploiting this flaw requires the attacker to use the "close" command in the sap-sessioncmd parameter and the "sap-exiturl" parameter to specify the desired URL.
The exploitation of the CVE-2005-3634 vulnerability could lead to severe consequences. Attackers can redirect users to phishing websites, where they could cause them to disclose sensitive information. Alternatively, the attackers can download malicious software onto the user's device, leading to data theft, ransomware attacks, and other malicious activities.
Finally, securityforeveryone.com offers a range of pro features that help businesses scan and identify vulnerabilities in their digital assets quickly and easily. By using the platform, users can gain insights into potential threats and take measures to prevent data breach incidents. The pro features also provide users with comprehensive reporting, trend analysis, and customized notifications for actionable insights. With securityforeveryone.com, businesses can stay ahead of cybercriminals and protect their digital assets.
REFERENCES
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
- exchange.xforce.ibmcloud.com: sap-sapexiturl-http-header-injection(23031)
- securityfocus.com: 15362
- securityreason.com: 163
- marc.info: 20051109 CYBSEC - Security Advisory: Phishing Vector in SAP WAS
- secunia.com: 17515
- securitytracker.com: 1015174
- vupen.com: ADV-2005-2361
control security posture