SAP Knowledge Base Article - Preview

2926290 - SAP Portal and BREACH with GZIP compression

Symptom

A penetration test indicated a possible vulnerability in SAP Enterprise portal (/irj/portal) for BREACH attacks due to gzip compression being enabled.


Read more...

Environment

  • NetWeaver Application Server Java
  • Enterprise Portal

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5

Keywords

exploit vulnerability security breach XSRF report , KBA , EP-PIN-PRT , Portal Runtime , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.