Vulnerability Description
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Sap Web Application Server | 6.10 |
References
- http://marc.info/?l=bugtraq&m=113156525006667&w=2
- http://secunia.com/advisories/17515/Vendor Advisory
- http://securityreason.com/securityalert/163
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
- http://www.securityfocus.com/bid/15362Exploit
- http://www.securitytracker.com/alerts/2005/Nov/1015174.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2005/2361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23031
- http://marc.info/?l=bugtraq&m=113156525006667&w=2
- http://secunia.com/advisories/17515/Vendor Advisory
- http://securityreason.com/securityalert/163
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
- http://www.securityfocus.com/bid/15362Exploit
- http://www.securitytracker.com/alerts/2005/Nov/1015174.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2005/2361
FAQ
What is CVE-2005-3634?
CVE-2005-3634 is a vulnerability with a CVSS score of 5.0 (MEDIUM). frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-s...
How severe is CVE-2005-3634?
CVE-2005-3634 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3634?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap Web Application Server.