Symptom
Sending a crafted request to SAP BusinessObjects Enterprise XI 3.1 at the URL http://<BOESERVER>/InfoViewApp/listing/headerPlus.do?lastPage='long string', where the long string contains 4135 bytes, produces the following results:
- The InfoView tab in the browser changes its name to "null Toolbar"
- The Tomcat Application Server intermittently returns HTTP Error 500 "Internal server error"
Note: The HTTP Error 500 "Internal server error" was observed only when the request was sent through an HTTP proxy tool
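For defenders checking Tomcat access logs for this symptom, the following added example (not part of the SAP article) flags requests to headerPlus.do whose lastPage value is unusually long and reports the status the server returned. It assumes Tomcat's "common" access log pattern; the 1024-byte threshold, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/InfoViewApp/listing/headerPlus.do"  # path named in the article
MAX_LASTPAGE_BYTES = 1024  # assumed review threshold, not a value from SAP

# Request line and status as written by the "common" access log pattern.
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def oversized_lastpage(line, limit=MAX_LASTPAGE_BYTES):
    """Return (decoded_byte_length, status) for a headerPlus.do request whose
    lastPage value exceeds limit; return None for every other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Drop any ;jsessionid=... path parameter before comparing the path.
    if url.path.split(";", 1)[0] != TARGET_PATH:
        return None
    worst = 0
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "lastPage":
            worst = max(worst, len(value.encode("utf-8")))
    return (worst, int(m.group("status"))) if worst > limit else None


def scan(lines, limit=MAX_LASTPAGE_BYTES):
    """Return [(line_number, byte_length, status)] for flagged lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = oversized_lastpage(line, limit)
        if result:
            hits.append((number, *result))
    return hits


# Constructed sample lines (not taken from a real system).
_PREFIX = '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    _PREFIX + TARGET_PATH + '?lastPage=home HTTP/1.1" 200 512',
    _PREFIX + TARGET_PATH + '?lastPage=' + "A" * 4135 + ' HTTP/1.1" 500 1024',
    _PREFIX + TARGET_PATH + ';jsessionid=X?lastPage=' + "%41" * 2000 + ' HTTP/1.1" 200 512',
    _PREFIX + '/InfoViewApp/logon.jsp?lastPage=' + "A" * 4135 + ' HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, size, status in scan(SAMPLE_LOG):
        print(f"line {number}: lastPage is {size} bytes, status {status}")
```

Length is measured after percent-decoding, so an encoded value is compared by the bytes the application would receive rather than by its size in the log.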
Environment
- SAP BusinessObjects Enterprise XI 3.1 SP5
- SAP BusinessObjects Edge XI 3.1 SP5
- Apache Tomcat Application Server 5.5
Keywords
null toolbar, HTTP 500, proxy, security, vulnerability, flaw, lastPage, string, URL, buffer overflow, KBA, BI-BIP-DEP, Webapp Deployment, Networking, Vulnerabilities, Webservices, Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article.