11 lines
No EOL
650 B
Text
11 lines
No EOL
650 B
Text
source: https://www.securityfocus.com/bid/15362/info
|
|
|
|
SAP Web Application Server is reported prone to a remote URI redirection vulnerability.
|
|
|
|
It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter.
|
|
|
|
A successful attack may result in various attacks including theft of cookie-based authentication credentials. An attacker may also be able to exploit this vulnerability to enhance phishing style attacks.
|
|
|
|
This issue only affects the BSP runtime of SAP WAS.
|
|
|
|
http://www.example.com/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.example.com |