CVE-2018-2504

Description

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

https://launchpad.support.sap.com/#/notes/2718993

http://www.securityfocus.com/bid/106150

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3