Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-33683

Опубликовано: 14 июл. 2021
Источник: nvd
CVSS3: 5.4
CVSS3: 4.3
CVSS2: 4
EPSS Низкий

Описание

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:web_dispatcher:7.8_kernel_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.21ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.73:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.82:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:krnl32nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:krnl32uc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:webdisp_7.53:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:sap:internet_communication_manager:7.21ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.73:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:7.82:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:kernel_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:krnl32nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:krnl32uc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:krnl64nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:krnl64uc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_communication_manager:webdisp_7.53:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00086
Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-444
CWE-444

Связанные уязвимости

github логотип

GHSA-wp36-xpj5-g4w9

CVSS3: 4.3
github
больше 3 лет назад

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.

EPSS

Процентиль: 25%
0.00086
Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-444
CWE-444