Vulnerability Description
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Sap Web Application Server | 6.10 |
References
- http://marc.info/?l=bugtraq&m=113156438708932&w=2
- http://secunia.com/advisories/17515/Vendor Advisory
- http://securityreason.com/securityalert/164
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_S
- http://www.osvdb.org/20714
- http://www.securityfocus.com/bid/15360/
- http://www.securitytracker.com/alerts/2005/Nov/1015174.htmlExploitVendor Advisory
- http://www.vupen.com/english/advisories/2005/2361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23030
- http://marc.info/?l=bugtraq&m=113156438708932&w=2
- http://secunia.com/advisories/17515/Vendor Advisory
- http://securityreason.com/securityalert/164
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_S
- http://www.osvdb.org/20714
- http://www.securityfocus.com/bid/15360/
FAQ
What is CVE-2005-3633?
CVE-2005-3633 is a vulnerability with a CVSS score of 5.0 (MEDIUM). HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
How severe is CVE-2005-3633?
CVE-2005-3633 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3633?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap Web Application Server.