|
| 1 | +[basic] |
| 2 | +description = "SAP Web Application Server 6.10 至 7.00 版本的 BSP 运行环境中的 frameset.htm 存在 URI 重定向漏洞。远程攻击者可通过向 sap-sessioncmd 参数传递 close 命令、同时在 sap-exiturl 参数中构造恶意 URL,诱使已登录用户退出系统并重定向至任意外部网站,从而实施钓鱼攻击。该漏洞影响 SAP Web Application Server 6.x 及 7.0 系列版本,CVSS 评分 5.0,危害等级中危。厂商已发布安全补丁,建议用户升级至修复版本。" |
| 3 | +published = "2005-11-16T21:22:00.000" |
| 4 | +remediation = "建议升级 SAP Web Application Server 至 7.00 之后的补丁版本,安装对应 SAP Security Note 修复包。如无法升级,可在 SAP Web Dispatcher 或反向代理层配置 URL 过滤规则,拦截包含 sap-sessioncmd=close 及 sap-exiturl 参数的外部请求,同时加强对 exiturl 参数的白名单校验以防止未授权重定向。" |
| 5 | +score = 5 |
| 6 | +severity = "MEDIUM" |
| 7 | +sources = ["nuclei"] |
| 8 | +title = "SAP Web Application Server URI 重定向漏洞" |
| 9 | +updated = "2026-06-16T22:17:18.450" |
| 10 | + |
| 11 | +[exploit] |
| 12 | +exp_urls = [] |
| 13 | +poc_urls = [] |
| 14 | + |
| 15 | +[id] |
| 16 | +aliases = ["CVE-2005-3634"] |
| 17 | +ave_id = "AVE-2005-0006" |
| 18 | + |
| 19 | +[meta] |
| 20 | +collected_at = "2026-07-15T00:00:00Z" |
| 21 | +status = "completed" |
| 22 | + |
| 23 | +[references] |
| 24 | +urls = [ |
| 25 | + "http://marc.info/?l=bugtraq&m=113156525006667&w=2", |
| 26 | + "http://secunia.com/advisories/17515/", |
| 27 | + "http://securityreason.com/securityalert/163", |
| 28 | + "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", |
| 29 | + "http://www.securityfocus.com/bid/15362", |
| 30 | + "http://www.securitytracker.com/alerts/2005/Nov/1015174.html", |
| 31 | + "http://www.vupen.com/english/advisories/2005/2361", |
| 32 | + "https://exchange.xforce.ibmcloud.com/vulnerabilities/23031", |
| 33 | + "https://www.exploit-db.com/exploits/26488", |
| 34 | + "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2005/CVE-2005-3634.yaml", |
| 35 | + "https://github.com/trickest/cve/blob/a90de4f84b4783951362f491671e1e9decfc17cb/2005/CVE-2005-3634.md", |
| 36 | + "https://github.com/projectdiscovery/nuclei-templates/blob/69a5a3cf926251a00061ec14d208b227367df73d/http/cves/2005/CVE-2005-3634.yaml", |
| 37 | + "https://github.com/CVEProject/cvelistV5/blob/8aea42c71147e21c6d32b71ffce877107de995c6/cves/2005/3xxx/CVE-2005-3634.json", |
| 38 | + "https://github.com/adampielak/nuclei-templates/blob/ac9605f5a915670fd80cb4e1904f4435f1835b65/nuclei-v3/C/CVE-2005-3634_4.yaml", |
| 39 | + "https://github.com/youki992/VscanPlus/blob/714a0e276a538a22c1a6215c71458a8b59a920ef/pocs_yml/nucleiFiles/http/cves/2005/CVE-2005-3634.yaml", |
| 40 | + "https://github.com/rix4uni/nucleihub-templates/blob/579a0234551b9e0e322460a62dc77bd6109e4aff/nucleihub-templates/CVE-2005-3634_4.yaml", |
| 41 | + "https://github.com/adampielak/nuclei-templates/blob/ac9605f5a915670fd80cb4e1904f4435f1835b65/nuclei-v3/C/CVE-2005-3634_7.yaml", |
| 42 | + "https://github.com/elijah-bennett0/IntentLimit/blob/bcfe225cf61ee454aa53896f7f3120246f52119f/tools/exploitation/GoldenBullet/exploits/cve_2005_3634/cve_2005_3634.py", |
| 43 | + "https://github.com/rjp2525/cve-data/blob/2f3ce5ef3a11f37d0a2e7d88f12b74499612a438/2005/CVE-2005-3634.json", |
| 44 | + "https://github.com/daffainfo/cvelist/blob/37b3071167a2a3fb5757922e970775326b735d8f/cves/2005/3xxx/CVE-2005-3634.json", |
| 45 | +] |
0 commit comments