2926290 - SAP Portal and BREACH with GZIP compression

Symptom

A penetration test indicated a possible vulnerability in SAP Enterprise portal (/irj/portal) for BREACH attacks due to gzip compression being enabled.

Environment

NetWeaver Application Server Java
Enterprise Portal

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5

Keywords

exploit vulnerability security breach XSRF report , KBA , EP-PIN-PRT , Portal Runtime , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.