CVE-2006-1039

EPSS 2.7%

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/27887unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/19085 http://securitytracker.com/id?1015702 https://exchange.xforce.ibmcloud.com/vulnerabilities/25003 http://www.securityfocus.com/archive/1/426449/100/0/threaded http://www.securityfocus.com/bid/18006 http://www.vupen.com/english/advisories/2006/0810