Description
AS Java Web Container does not sufficiently encode user controlled inputs, resulting in content spoofing vulnerability when error pages are displayed.
Available fix and Supported packages
- ENGINEAPI | 7.10 | 7.11
- ENGINEAPI | 7.30 | 7.30
- ENGINEAPI | 7.31 | 7.31
- ENGINEAPI | 7.40 | 7.40
- ENGINEAPI 7.10 | SP022 | 000000
- ENGINEAPI 7.11 | SP017 | 000000
- ENGINEAPI 7.30 | SP016 | 000000
- ENGINEAPI 7.31 | SP015 | 000018
- ENGINEAPI 7.31 | SP016 | 000017
- ENGINEAPI 7.31 | SP019 | 000000
- ENGINEAPI 7.40 | SP010 | 000018
- ENGINEAPI 7.40 | SP011 | 000016
- ENGINEAPI 7.40 | SP014 | 000000
- ENGINEAPI 7.50 | SP005 | 000000
Affected component
- BC-JAS-WEB
Web Container, HTTP, JavaMail, Servlets
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/2314976