Vulnerability Information
Vulnerability Title
CRLF Injection vulnerability in SAP NetWeaver Application Server Java
Vulnerability Description
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting)
Vulnerability Title
SAP NetWeaver Application Server Java Injection Vulnerability
Vulnerability Description
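SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used for developing and running Java EE applications. SAP NetWeaver Application Server Java contains an injection vulnerability that stems from CRLF injection and may allow an authenticated administrator to submit specially crafted content, thereby injecting untrusted entries into generated configuration and manipulating application-controlled settings.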
CVSS Information
N/A
Vulnerability Type
N/A