CVE-2018-2415

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Container and HTTP Service versions 7.10 through 7.11, 7.30, 7.31, 7.40, 7.50 J2EE Engine Server Core versions 7.11, 7.30, 7.31, 7.40, 7.50

Description The issue arises from insufficient encoding of user-controlled inputs, leading to a content spoofing issue when error pages are displayed.

Recommendations For SAP NetWeaver Application Server Java Web Container and HTTP Service versions 7.10 through 7.11, 7.30, 7.31, 7.40, 7.50, consider implementing proper input encoding to prevent content spoofing. For J2EE Engine Server Core versions 7.11, 7.30, 7.31, 7.40, 7.50, ensure that user-controlled inputs are sufficiently encoded to mitigate the risk of content spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.