CVE-2003-0748

Опубликовано: 20 окт. 2003

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/8516
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13066
http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/8516
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13066

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06855

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fgvr-w82f-6xvw

github

почти 4 года назад