Skip links

Potential information disclosure in session management, SAP security note 1478362

Description

A malicious user can discover information relating to session management. This information could be used to allow the malicious user to specialize their attacks against session management and web container.

Available fix and Supported packages

  • ENGINEAPI | 7.10 | 7.11
  • ENGINEAPI | 7.20 | 7.20
  • ENGINEAPI | 7.30 | 7.30
  • ENGINEAPI | 7.31 | 7.31
  • SERVERCORE | 7.10 | 7.10
  • SERVERCORE | 7.11 | 7.11
  • SERVERCORE | 7.20 | 7.20
  • SERVERCORE | 7.30 | 7.30
  • ENGINEAPI 7.10 | SP009 | 000011
  • ENGINEAPI 7.10 | SP010 | 000008
  • ENGINEAPI 7.11 | SP003 | 000010
  • ENGINEAPI 7.11 | SP004 | 000013
  • ENGINEAPI 7.20 | SP001 | 000009
  • ENGINEAPI 7.20 | SP002 | 000012
  • ENGINEAPI 7.20 | SP003 | 000010
  • J2EE ENGINE SERVERCORE 7.10 | SP009 | 000023
  • J2EE ENGINE SERVERCORE 7.10 | SP010 | 000018
  • J2EE ENGINE SERVERCORE 7.10 | SP011 | 000000
  • J2EE ENGINE SERVERCORE 7.11 | SP003 | 000024
  • J2EE ENGINE SERVERCORE 7.11 | SP004 | 000024
  • J2EE ENGINE SERVERCORE 7.11 | SP005 | 000015
  • J2EE ENGINE SERVERCORE 7.11 | SP006 | 000000
  • J2EE ENGINE SERVERCORE 7.20 | SP000 | 000000
  • J2EE ENGINE SERVERCORE 7.20 | SP001 | 000016
  • J2EE ENGINE SERVERCORE 7.20 | SP002 | 000020
  • J2EE ENGINE SERVERCORE 7.20 | SP003 | 000025
  • J2EE ENGINE SERVERCORE 7.30 | SP000 | 000000

Affected component

    BC-JAS-WEB
    Web Container, HTTP, JavaMail, Servlets

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1478362

TAGS

#Information-disclosure
#session-management
#web-container
#session-identification
#user-session