HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allows remote malicious users to inject arbitrary HTML headers via the sap-exiturl parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap sap web application server 6.10 |
||
sap sap web application server 6.20 |
||
sap sap web application server 6.40 |
||
sap sap web application server 7.0 |