SAP Knowledge Base Article - Preview

2686671 - Security: JavaScript files accessible without authentication


  • A security audit has indicated the risk of there being an 'Unprotected Directory'



  • SAP NetWeaver Enterprise Portal
  • All releases


SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3


Web Server Misconfiguration: Unprotected Directory, directory traversal, directory listing, Cross-Site Request Forgery, CSRF, XSRF, NavigationFramework.js, js13_epcf.js, HistoryFramework.js, lsapi.js, helpCenterPlugin.js, JSUtils.js, pagesupport.js, controls_nn6.js, popup_sf3.js, RTMFProxy.js, lightspeed.js, sapUrMapi_sf3.js, HeaderlessSupport.js, OBN.js,, static web resources, .css, .js, risk, threat, gain access, guess, script injection attack , KBA , EP-PIN-NAV , Navigation , EP-PIN-PRT , Portal Runtime , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.