漏洞类别:CGI
漏洞等级: 
漏洞信息
SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions.
SAP NetWeaver AS JAVA 7.4 is affected by a Cross-Site Scripting vulnerability in the DataArchivingService servlet which can allow attackers to inject a malicious script into a page.
Affected Version:
SAP NetWeaver AS JAVA 7.4
QID Detection Logic (unauthenticated):
The QID sends a GET /ctcprotocol/Protocol with a "malicious" script injected to see if the target is vulnerable or not by looking at the response received.
漏洞危害
Successful exploitation of the vulnerability will lead to Cross-Site Scripting attacks.
解决方案
Customers are advised to follow the SAP Security Note 2308535 for remediation instructions.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论