First published: Tue Mar 07 2006
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP Web Application Server | =6.10 | |
SAP Web Application Server | =6.20 | |
SAP Web Application Server | =6.40 | |
CVE-2006-1039 is classified as a medium severity vulnerability that allows remote attackers to inject arbitrary bytes into the HTTP response.
To fix CVE-2006-1039, upgrade the SAP Web Application Server to a version that is 7.0 or later.
CVE-2006-1039 can allow attackers to inject arbitrary bytes into the HTTP response, potentially exposing sensitive authentication information.
CVE-2006-1039 affects SAP Web Application Server versions 6.10, 6.20, and 6.40.
The primary mitigation for CVE-2006-1039 is to ensure that all affected SAP Web Application Server installations are updated to a secure version.
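Until affected servers are upgraded, access logs can be checked for the request shape described above: a `;%20` followed by encoded header data. The following is an added example, not code from SAP or from this advisory. It assumes common-log-format lines and that the encoded headers are delimited by percent-encoded CR/LF (`%0d`/`%0a`); the paths, addresses and header name in the sample log are constructed.

```python
import re

MARKER = ";%20"                                   # trigger sequence named in the advisory
ENC_EOL = re.compile(r"%0[da]", re.IGNORECASE)    # assumption: headers split by encoded CR/LF
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def normalise(target: str) -> str:
    """Undo up to two layers of '%25' double-encoding; other escapes are left intact."""
    for _ in range(2):
        collapsed = target.replace("%25", "%")
        if collapsed == target:
            break
        target = collapsed
    return target


def suspicious(target: str) -> bool:
    """True when ';%20' is followed anywhere later by an encoded CR or LF."""
    t = normalise(target)
    idx = t.find(MARKER)
    return idx != -1 and ENC_EOL.search(t, idx + len(MARKER)) is not None


def scan(lines):
    """Return (line_number, request_target) for every log line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match and suspicious(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample log (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Mar/2006:10:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/Mar/2006:10:00:05 +0000] "GET /app/page;%20%0d%0aX-Constructed:%20test HTTP/1.1" 200 87',
    '192.0.2.12 - - [07/Mar/2006:10:00:09 +0000] "GET /app/page;jsessionid=abc?q=a%20b HTTP/1.1" 200 301',
    '192.0.2.13 - - [07/Mar/2006:10:00:12 +0000] "GET /app/page;%2520%250D%250AX-Constructed:%2520test HTTP/1.1" 200 87',
    '192.0.2.14 - - [07/Mar/2006:10:00:15 +0000] "GET /app/search?q=line1%0Aline2 HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Requiring both the `;%20` marker and a later encoded line break keeps ordinary matrix parameters and multi-line query values from being flagged.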