SecurityTracker.com
Category:   Application (Generic)  >   SAP NetWeaver
Vendors:   SAP
SAP NetWeaver Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1019822
SecurityTracker URL:  http://securitytracker.com/id/1019822
CVE Reference:   CVE-2008-1846
Updated:  Apr 18 2008
Original Entry Date:  Apr 9 2008
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 6.40 - 7.0
Description:   A vulnerability was reported in SAP NetWeaver. A remote user can conduct cross-site scripting attacks.

The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can submit specially crafted text that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the SAP NetWeaver software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The file "feedbacks" feature is affected.

The vendor was notified on March 11, 2008.

Jaime Blasco from aitsec.com reported this vulnerability.

The original advisory is available at:

http://www.aitsec.com/vulnerability-SAP-Netweaver-6.40-7.0-Cross-Site-Scripting.php

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the SAP NetWeaver software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has described a configuration change:

Activate "Secure Editing" in Portal (System Configuration -> System Configuration -> Knowledge management (in detailed Navigation) -> Utilities -> Editing -> HTML Editing)

Additional information is available at:

http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a1553f7/frameset.htm

For NetWeaver 04 (6.40) SP17:

http://help.sap.com/saphelp_nw04/helpdata/en/44/4d3ef6b5ac2152e10000000a114a6b/frameset.htm

For NetWeaver 7.0 SP8:

http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a1553f7/frameset.htm

In version 7.0 SP15 the secure editor is enabled by default.
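
The description above says feedback text is displayed without HTML filtering. This added example (not SAP's or the reporter's code) flags stored feedback bodies that contain active markup and shows output encoding that displays such text inertly. It assumes feedback entries can be exported as plain text keyed by id; that export format, the heuristic lists and all names below are hypothetical.

```python
import html
from html.parser import HTMLParser

# Heuristic lists (assumptions for this example, not an exhaustive filter).
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "form", "meta", "link", "base"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}

class ActiveContentFinder(HTMLParser):
    """Records why a stored feedback body would run code if echoed unencoded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes entities in values.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            compact = "".join((value or "").split()).lower()  # browsers ignore tabs/newlines in URLs
            if name.startswith("on"):
                self.findings.append(f"handler:{name}")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"scheme:{name}")

def audit_feedback(body):
    """Return a list of findings; an empty list means no active markup was seen."""
    finder = ActiveContentFinder()
    finder.feed(body)
    finder.close()
    return finder.findings

def render_feedback(body):
    """Output-encode stored text so the browser displays markup instead of parsing it."""
    return '<p class="feedback">' + html.escape(body, quote=True) + "</p>"

# Constructed sample records (hypothetical export: feedback id -> stored text).
SAMPLE_FEEDBACK = {
    1: "Looks good, please publish the Q2 version.",
    2: "<script>alert(1)</script>",
    3: '<img src="x.png" onerror="alert(1)">',
    4: '<a href="java\tscript:alert(1)">report</a>',
}

def flagged(records):
    return {rid: hits for rid, body in records.items() if (hits := audit_feedback(body))}

if __name__ == "__main__":
    for rid, hits in flagged(SAMPLE_FEEDBACK).items():
        print(rid, hits, "->", render_feedback(SAMPLE_FEEDBACK[rid]))
```

Entries that `flagged` returns are candidates for manual review; the encoded output of `render_feedback` passes the same audit with no findings.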

Vendor URL:  www.sap.com/platform/netweaver/index.epx
Cause:   Input validation error
Underlying OS:  Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  SAP Netweaver 6.40-7.0 Cross-Site-Scripting

Title:		SAP Netweaver 6.40-7.0 Persistent Cross-Site-Scripting

Author: 		Jaime Blasco (at) aitsec.com	http://www.aitsec.com

Description:	SAP Netweaver has a web interface for accessing the filesystem of the portal. Users can make "feedbacks" of
		files; input passed to the content of these feedbacks is not properly sanitised before being returned to the user.
		This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


Solution:	This issue can be solved by activating "Secure Editing" in Portal
(System Configuration -> System Configuration -> Knowledge management (in detailed Navigation) -> Utilities -> Editing -> HTML Editing)

Hence this issue can be solved via configuration - for more details see 
http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a1553f7/frameset.htm

NetWeaver 04 (6.40) SP17: http://help.sap.com/saphelp_nw04/helpdata/en/44/4d3ef6b5ac2152e10000000a114a6b/frameset.htm
NetWeaver 7.0 SP8: http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a1553f7/frameset.htm
As of NetWeaver 7.0 SP15 the secure editor is on by default (SAP note 1110597: https://service.sap.com/sap/support/notes/1110597)

Timeline:

* March 11: Initial contact.
* March 12: Confirmed
* April 5: Vendor response

Original Advisory:

http://www.aitsec.com/vulnerability-SAP-Netweaver-6.40-7.0-Cross-Site-Scripting.php

 
 



Copyright 2021, SecurityGlobal.net LLC