CVE-2005-3634 – SAP Web Application Server 6.x/7.0 - Open Redirection

https://notcve.org/view.php?id=CVE-2005-3634

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. frameset.htm en soporte de tiempo de ejecución BSP de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos cerrar la sesión de otros usuarios y redirigirlos a sitios web arbitrarios mediante un comando de cierre en el parámetro sap-sessioncmd y una URL en el parámetro sap-exiturl. • https://www.exploit-db.com/exploits/26488 http://marc.info/?l=bugtraq&m=113156525006667&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/163 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf http://www.securityfocus.com/bid/15362 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities/23031 •