CVE-2018-2504 - OpenCVE

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver Application Server Java

Configuration 1 [-]

OR	cpe:2.3:a:sap:netweaver_application_server_java:7.10:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.11:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.20:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.30:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.31:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.40:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.50:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106150
https://launchpad.support.sap.com/#/notes/2718993
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2018-12-11T23:00:00

Updated: 2024-08-05T04:21:34.413Z

Reserved: 2017-12-15T00:00:00

Link: CVE-2018-2504

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-11T22:29:00.640

Modified: 2021-04-21T12:30:32.197

Link: CVE-2018-2504

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS Java (ServerCore)", "vendor": "SAP", "versions": [{"status": "affected", "version": "= 7.10"}, {"status": "affected", "version": "= 7.11"}, {"status": "affected", "version": "= 7.20"}, {"status": "affected", "version": "= 7.30"}, {"status": "affected", "version": "= 7.31"}, {"status": "affected", "version": "= 7.40"}, {"status": "affected", "version": "= 7.50"}]}], "datePublic": "2018-12-11T00:00:00", "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-12T10:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2718993"}, {"name": "106150", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106150"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2018-2504", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS Java (ServerCore)", "version": {"version_data": [{"version_name": "=", "version_value": "7.10"}, {"version_name": "=", "version_value": "7.11"}, {"version_name": "=", "version_value": "7.20"}, {"version_name": "=", "version_value": "7.30"}, {"version_name": "=", "version_value": "7.31"}, {"version_name": "=", "version_value": "7.40"}, {"version_name": "=", "version_value": "7.50"}]}}]}, "vendor_name": "SAP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"}, {"name": "https://launchpad.support.sap.com/#/notes/2718993", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2718993"}, {"name": "106150", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106150"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:21:34.413Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2718993"}, {"name": "106150", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106150"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2018-2504", "datePublished": "2018-12-11T23:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2024-08-05T04:21:34.413Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "D60371A7-F8F4-46F8-9659-DD4EE84B81EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "C6B085AF-8CEE-4A87-B381-F36C989FB2A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "43A28C48-4325-4694-88B1-FEE46EBFB0A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "24A1E0B9-8C28-41BC-B050-237B5F929C9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "EEAE6C2A-821F-4123-BD56-0FDADF9D63C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "F5308FCE-8B2C-4B4D-BEE7-3CF544570B68", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "9C506445-3787-4BFF-A98B-7502A0F7CF80", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50."}, {"lang": "es", "value": "El servicio Java Web Container, de SAP NetWeaver AS, no valida contra una lista blanca la cabecera HTTP del host, lo que puede resultar en una vulnerabilidad de manipulaci\u00f3n de la cabecera HTTP del host o de Cross-Site Scripting (XSS). La vulnerabilidad se ha solucionado en las versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50."}], "id": "CVE-2018-2504", "lastModified": "2021-04-21T12:30:32.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-11T22:29:00.640", "references": [{"source": "cna@sap.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106150"}, {"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/2718993"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}