Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SAP Web Dynpro Java (BC-WD-JAV) Vulnerability

from [Ivan Buetler] Network Security [Permanent Link]
Subject: SAP Web Dynpro Java (BC-WD-JAV) Vulnerability
Date: Wed, 27 Jun 2007 09:00:50 +0200 
#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/ 
# 
#############################################################
#
# Product: NetWeaver, Web Dynpro Java (BC-WD-JAV) 
# Vendor:  SAP 
# Subject: Multiple XSS, HTML Injection
# Risk:    Medium
# Effect:  Remotely exploitable
# Author:  Cyrill Brunschwiler (cyrill.brunschwiler@csnc.ch)
# Date:    June, 17th 2007
#
#############################################################

Introduction:
-------------
Compass Security discovered a web application security flaw (XSS) in the
SAP Web Dynpro Java (BC-WD-JAV) running in either the testing or
development mode.

Vulnerable:
-----------
SAP NetWeaver Nw04 SP15 to SP 19
SAP NetWeaver Nw04s SP7 to SP 11

Not vulnerable:
---------------
Customers which run their system in production mode. 

SAP Java Technology Services           640 SP20
SAP Web Dynpro Runtime Core Components 700 SP12

Vulnerability Management:
-------------------------
January 2007: Vulnerability found
January 2007: SAP Security notified
February 2007: SAP confirmation
April/May 2007: Patches available
June 2007: Compass Security Information

SAP Information Policy:
-------------------------
The information is available to registered SAP clients only (SAP
Security Notes)


Patches:
--------
Apply the latest Web Dynpro patch according to the related notes. (See
SAP Note No. 1045640, 946608).


Description
-----------
The NetWeaver Application includes the User-Agent-Header content in the
server response body without applying proper encoding. Exploiting the
vulnerability will require an attacker to spoof the User-Agent-Header.
Abusing technologies such as JavaScript or Flash will allow conducting
such an attack.

XSS Ref: http://en.wikipedia.org/wiki/Cross-site_scripting

Cross-site scripting (XSS) is a type of computer security vulnerability
typically found in web applications which allow code injection by
malicious web users into the web pages viewed by other users. Examples
of such code include HTML code and client-side scripts. An exploited
cross-site scripting vulnerability can be used by attackers to bypass
access controls such as the same origin policy. Recently,
vulnerabilities of this kind have been exploited to craft powerful
phishing attacks and browser exploits. Cross-site scripting was
originally referred to as CSS, although this usage has been largely
discontinued.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SAP Web Dynpro Java (BC-WD-JAV) Vulnerability, Ivan Buetler <=
Previous by Date:  [ MDKSA-2007:137 ] - Updated krb5 packages fix vulnerabilities, security
Next by Date:  PHP 4/5 htaccess safemode and open_basedir Bypass, cxib
Previous by Thread:  [ MDKSA-2007:137 ] - Updated krb5 packages fix vulnerabilities, security
Next by Thread:  PHP 4/5 htaccess safemode and open_basedir Bypass, cxib
Indexes:  [Date] [Thread] [Top] [All Lists]