HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sap_web_application_server | Sap | 7.0 | 7.0 |
Sap_web_application_server | Sap | 6.10 | 6.10 |
Sap_web_application_server | Sap | 6.20 | 6.20 |
Sap_web_application_server | Sap | 6.40 | 6.40 |