CVE-2018-2504
published 2018-12-11
Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
The SAP NetWeaver AS Java Web Container service does not validate the HTTP Host header against a whitelist, which can result in an HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | sap_netweaver_as_java | — | — |
| sap | sap_netweaver_as_java | — | — |
| sap | sap_netweaver_as_java | — | — |
| sap | sap_netweaver_as_java | — | — |
| sap | sap_netweaver_as_java | — | — |
| sap | sap_netweaver_as_java | — | — |
| sap | sap_netweaver_as_java | — | — |