Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
SAP Netweaver 6.40-7.0 Cross-Site-Scripting
Apr 09 2008 08:06AM
jaime blasco aitsec com
Title: SAP Netweaver 6.40-7.0 Persistent Cross-Site-Scripting
Author: Jaime Blasco (at) aitsec.com http://www.aitsec.com
Description: SAP Netweaver have a web interface for accesing filesystem of the portal, users can make "feedbacks" of
files, input passed to the content of these feedbacks is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site
Solution: This issue can be solved activating "Secure Editing" in Portal
(System Configuration -> System Configuration -> Knowledge management (in detailed Navigation) -> Utilities -> Editing -> HTML Editing)
Hence this issue can be solved via configuration - for more details see
http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a
1553f7/frameset.htm
NetWeaver 04 (6.40) SP17: http://help.sap.com/saphelp_nw04/helpdata/en/44/4d3ef6b5ac2152e10000000a
114a6b/frameset.htm
NetWeaver 7.0 SP8: http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a
1553f7/frameset.htm
As of NetWeaver 7.0 SP15 the secure editor is on by default (SAP note 1110597: https://service.sap.com/sap/support/notes/1110597)
Timeline:
* March 11: Initial contact.
* March 12: Confirmed
* April 5: Vendor response
Original Advisory:
http://www.aitsec.com/vulnerability-SAP-Netweaver-6.40-7.0-Cross-Site-Sc
ripting.php
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
Author: Jaime Blasco (at) aitsec.com http://www.aitsec.com
Description: SAP Netweaver have a web interface for accesing filesystem of the portal, users can make "feedbacks" of
files, input passed to the content of these feedbacks is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site
Solution: This issue can be solved activating "Secure Editing" in Portal
(System Configuration -> System Configuration -> Knowledge management (in detailed Navigation) -> Utilities -> Editing -> HTML Editing)
Hence this issue can be solved via configuration - for more details see
http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a
1553f7/frameset.htm
NetWeaver 04 (6.40) SP17: http://help.sap.com/saphelp_nw04/helpdata/en/44/4d3ef6b5ac2152e10000000a
114a6b/frameset.htm
NetWeaver 7.0 SP8: http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a
1553f7/frameset.htm
As of NetWeaver 7.0 SP15 the secure editor is on by default (SAP note 1110597: https://service.sap.com/sap/support/notes/1110597)
Timeline:
* March 11: Initial contact.
* March 12: Confirmed
* April 5: Vendor response
Original Advisory:
http://www.aitsec.com/vulnerability-SAP-Netweaver-6.40-7.0-Cross-Site-Sc
ripting.php
[ reply ]