Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

HostName verification not performed during SSL handshake, SAP security note 1381198

Description

Hostname verification of the server certificate doesnot happen during SSL Handshake

Available fix and Supported packages

  • MESSAGING | 7.10 | 7.11
  • MESSAGING | 7.20 | 7.20
  • MESSAGING | 7.30 | 7.30
  • SAP_XIAF | 3.0 | 3.0
  • SAP_XIAF | 7.00 | 7.02
  • SAP_XIAF | 7.10 | 7.11
  • SAP-XIAFC | 3.0 | 3.0
  • SAP-XIAFC | 7.00 | 7.02
  • MESSAGING SYSTEM SERVICE 7.10 | SP006 | 000039
  • MESSAGING SYSTEM SERVICE 7.10 | SP007 | 000034
  • MESSAGING SYSTEM SERVICE 7.10 | SP008 | 000018
  • MESSAGING SYSTEM SERVICE 7.10 | SP009 | 000035
  • MESSAGING SYSTEM SERVICE 7.10 | SP010 | 000000
  • MESSAGING SYSTEM SERVICE 7.11 | SP001 | 000016
  • MESSAGING SYSTEM SERVICE 7.11 | SP002 | 000011
  • MESSAGING SYSTEM SERVICE 7.11 | SP003 | 000012
  • MESSAGING SYSTEM SERVICE 7.11 | SP004 | 000004
  • MESSAGING SYSTEM SERVICE 7.11 | SP005 | 000000
  • VISUAL COMPOSER FLEX 7.01 | SP008 | 000000
  • XI ADAPTER FRAMEWORK 3.0 | SP028 | 000000
  • XI ADAPTER FRAMEWORK 7.00 | SP018 | 000013
  • XI ADAPTER FRAMEWORK 7.00 | SP019 | 000009
  • XI ADAPTER FRAMEWORK 7.00 | SP020 | 000011
  • XI ADAPTER FRAMEWORK 7.00 | SP021 | 000009
  • XI ADAPTER FRAMEWORK 7.00 | SP022 | 000006
  • XI ADAPTER FRAMEWORK 7.00 | SP023 | 000000
  • XI ADAPTER FRAMEWORK 7.01 | SP003 | 000004
  • XI ADAPTER FRAMEWORK 7.01 | SP004 | 000007

Affected component

    BC-XI-CON-AFW-SEC
    Security

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1381198

TAGS

#SSL
#SOAP-Adapter
#handshake

More to explorer