[] NeoSense
E X P L O I T S
title author type platform port cve id

SAP Web Application Server 6.x/7.0 - Open Redirection

Author: Leandro Meiners
type: webapps
platform: php
port: 
date_added: 2005-11-09 
date_updated: 2013-06-30 
verified: 1 
codes: CVE-2005-3634;OSVDB-35866 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/15362/info

SAP Web Application Server is reported prone to a remote URI redirection vulnerability.

It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter.

A successful attack may result in various attacks including theft of cookie-based authentication credentials. An attacker may also be able to exploit this vulnerability to enhance phishing style attacks.

This issue only affects the BSP runtime of SAP WAS.

http://www.example.com/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.example.com
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.