Just read this German article about XSS vulnerability in SAP Web Application Server (Web AS) and put the links to the OSS Notes together.


Security Advisories


Security Advisory by Cybsec regarding HTTP-Response-Splitting

Security Advisory by Cybsec regarding possible Phishing-Attacks

Security Advisory by Cybsec regarding several Cross-Site-Scripting-Holes

Whitepaper about HTTP-Response-Splitting by Packetstorm


OSS Notes


853878: HTTP WhiteList Check (security)

887322: Whitelist checks of sap-exit URL

887164: BSP Test Applications in Production Systems

887168: BSP Page Directive <%@page forceEncode="html"%> & <%html=.%> (http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=887168)


2 Comments


  1. Community User
    Thanks Gregor, I talked with my colleague during lunch about the heise article but I did not have the time to get in touch with our administrators (it is not critical in our situation). But I know which link I will send them tomorrow 😉
    regards
    Thomas
  2. Mark Finnern
    Hi Gregor,

    Thanks a million. You really helped out here. I hate to delete an SDN comment, but I did this morning because it only pointed to the article without mentioning that there are SAP notes that solve these problems.

    Andreas Wiegenstein’s post A short story about Cross Site Scripting also gives some great background to Cross Site Scripting and how to protect against it.

    Thanks again, Mark.
