PT-2006-2076 · Sap · Sap Web Application Server Kernel

Published: 2006-03-07 · Updated: 2018-10-18 · CVE-2006-1039

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: SAP Web Application Server (WebAS) Kernel versions prior to 7.0

Description: The issue allows remote attackers to inject arbitrary bytes into the HTTP response, potentially obtaining sensitive authentication information or having other impacts. This can be achieved by sending a ";%20" followed by encoded HTTP headers.

Recommendations: For versions prior to 7.0, update to version 7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive authentication information to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2006-1039

Affected Products

Sap Web Application Server Kernel