CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6011
https://notcve.org/view.php?id=CVE-2006-6011
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. Vulnerabilidad no especificada en SAP Web Application Server anterior a 6.40 patch 6 permite a atacantes remotos provocar una denegación de servicio (cierre de enserver.exe) mediante un determinado paquete UDP enviado al puerto 64999, también conocido como "caída UDP de dos bytes"(o "two bytes UDP crash"), una vulnerabilidad distinta de CVE-2006-5785. • http://securityreason.com/securityalert/1889 http://www.securityfocus.com/archive/1/451378/100/0/threaded •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1CVE-2006-5784 – SAP Web Application Server 6.40 - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2006-5784
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos leer ficheros de su elección mediante vectores no especificados. NOTA: este asunto puede ser aprovechado por usuarios locales para acceder a una tubería con nombre como usuario SAPServiceJ2E. • https://www.exploit-db.com/exploits/3291 http://secunia.com/advisories/22677 http://securityreason.com/securityalert/1828 http://www.securityfocus.com/archive/1/450394/100/0/threaded http://www.securityfocus.com/archive/1/459499/100/0/threaded http://www.securityfocus.com/bid/20877 http://www.securitytracker.com/id?1017628 http://www.vupen.com/english/advisories/2006/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/29982 •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2006-5785
https://notcve.org/view.php?id=CVE-2006-5785
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos provocar una denegación de servicio (caída enserver.exe) mediante vectores no especificados. • http://secunia.com/advisories/22677 http://securityreason.com/securityalert/1828 http://www.securityfocus.com/archive/1/450394/100/0/threaded http://www.securityfocus.com/archive/1/459499/100/0/threaded http://www.securityfocus.com/bid/20873 http://www.securitytracker.com/id?1017628 http://www.vupen.com/english/advisories/2006/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/29981 •
CVSS: 6.4EPSS: 1%CPEs: 3EXPL: 1CVE-2006-1039 – SAP Web Application Server 6.x/7.0 - Input Validation
https://notcve.org/view.php?id=CVE-2006-1039
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. • https://www.exploit-db.com/exploits/27887 http://secunia.com/advisories/19085 http://securitytracker.com/id?1015702 http://www.securityfocus.com/archive/1/426449/100/0/threaded http://www.securityfocus.com/bid/18006 http://www.vupen.com/english/advisories/2006/0810 https://exchange.xforce.ibmcloud.com/vulnerabilities/25003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2005-3633
https://notcve.org/view.php?id=CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. Vulnerabilidad de separación de respuesta HTTP en frameset.htm de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos inyectar cabeceras HTML de su elección mediante el parámetro sap-exiturl. • http://marc.info/?l=bugtraq&m=113156438708932&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/164 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf http://www.osvdb.org/20714 http://www.securityfocus.com/bid/15360 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities/23030 •