Description
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.
Affected products
- SAP / SAP NetWeaver AS Java (ServerCore)= 7.10 – = 7.10
- SAP / SAP NetWeaver AS Java (ServerCore)= 7.11 – = 7.11
- SAP / SAP NetWeaver AS Java (ServerCore)= 7.20 – = 7.20
- SAP / SAP NetWeaver AS Java (ServerCore)= 7.30 – = 7.30
- SAP / SAP NetWeaver AS Java (ServerCore)= 7.31 – = 7.31
- SAP / SAP NetWeaver AS Java (ServerCore)= 7.40 – = 7.40
- SAP / SAP NetWeaver AS Java (ServerCore)= 7.50 – = 7.50